urlscan.io logo urlscan.io
SecurityTrails logo

www.aiupnow.com Open in urlscan Pro
2a00:1450:4001:810::2013  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://t.co/IMBWIxzlWq
Effective URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Submission: On December 15 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 96 IPs in 8 countries across 93 domains to perform 561 HTTP transactions. The main IP is 2a00:1450:4001:810::2013, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is www.aiupnow.com.
TLS certificate: Issued by GTS CA 1D4 on December 2nd 2021. Valid for: 3 months.
This is the only time www.aiupnow.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 104.244.42.69 13414 (TWITTER)
1 13 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
1 2.18.235.93 16625 (AKAMAI-AS)
11 151.139.128.11 20446 (HIGHWINDS3)
1 2a00:1450:400... 15169 (GOOGLE)
16 2a00:1450:400... 15169 (GOOGLE)
20 2a00:1450:400... 15169 (GOOGLE)
20 172.66.41.9 13335 (CLOUDFLAR...)
9 2a00:1450:400... 15169 (GOOGLE)
6 2a03:2880:f04... 32934 (FACEBOOK)
4 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 184.73.100.94 14618 (AMAZON-AES)
38 2a00:1450:400... 15169 (GOOGLE)
4 199.232.192.134 54113 (FASTLY)
11 2a00:1450:400... 15169 (GOOGLE)
2 142.250.185.226 15169 (GOOGLE)
9 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
3 15 2a02:6b8::1:119 208722 (YNDX)
1 34.204.113.242 14618 (AMAZON-AES)
8 188.65.124.90 41690 (DAILYMOTI...)
32 2a03:2880:f14... 32934 (FACEBOOK)
1 2 2600:1901:1:c... 15169 (GOOGLE)
46 2606:4700:303... 13335 (CLOUDFLAR...)
21 2a00:1450:400... 15169 (GOOGLE)
14 2a00:1450:400... 15169 (GOOGLE)
16 2600:9000:21f... 16509 (AMAZON-02)
8 151.101.192.134 54113 (FASTLY)
1 107.20.140.231 14618 (AMAZON-AES)
1 34.73.247.27 396982 (GOOGLE-PR...)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 141.193.213.21 209242 (CLOUDFLAR...)
11 13.224.194.92 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
18 178.79.242.16 22822 (LLNW)
3 2a00:1288:80:... 203220 (YAHOO-DEB)
2 52.216.101.51 16509 (AMAZON-02)
2 2606:2800:233... 15133 (EDGECAST)
5 2a04:4e42:62:... 54113 (FASTLY)
17 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
14 188.65.124.59 41690 (DAILYMOTI...)
3 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 54.86.62.20 14618 (AMAZON-AES)
1 172.66.42.247 13335 (CLOUDFLAR...)
1 104.16.139.31 13335 (CLOUDFLAR...)
1 217.20.152.207 47764 (MAILRU-AS...)
1 184.30.24.193 16625 (AKAMAI-AS)
1 151.101.193.140 54113 (FASTLY)
1 192.0.77.40 2635 (AUTOMATTIC)
1 87.240.190.72 47541 (VKONTAKTE...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 34.120.195.249 15169 (GOOGLE)
1 67.202.105.32 32748 (STEADFAST)
2 8 2.18.234.21 16625 (AKAMAI-AS)
1 51.89.9.254 16276 (OVH)
4 4 198.47.127.18 3257 (GTT-BACKB...)
2 2 198.47.127.20 3257 (GTT-BACKB...)
4 4 185.33.221.91 29990 (ASN-APPNEX)
1 35.244.159.8 15169 (GOOGLE)
3 3 18.156.0.31 16509 (AMAZON-02)
3 3 213.19.147.44 26120 (RHYTHMONE)
2 3 52.223.40.198 16509 (AMAZON-02)
1 1 70.42.32.95 22075 (AS-OUTBRAIN)
1 178.162.133.149 60781 (LEASEWEB-...)
1 52.19.63.112 16509 (AMAZON-02)
1 174.137.133.49 27257 (WEBAIR-IN...)
2 2 3.120.35.153 16509 (AMAZON-02)
1 38.27.122.158 174 (COGENT-174)
2 2 72.251.249.13 29791 (VOXEL-DOT...)
3 3 142.250.185.66 15169 (GOOGLE)
1 1 185.64.190.80 62713 (AS-PUBMATIC)
1 1 199.38.167.128 54312 (ROCKETFUEL)
1 67.202.105.24 32748 (STEADFAST)
6 2a00:1450:400... 15169 (GOOGLE)
1 188.65.124.91 41690 (DAILYMOTI...)
40 2a00:1450:400... 15169 (GOOGLE)
2 34.255.13.78 16509 (AMAZON-02)
8 11 2a00:1450:400... 15169 (GOOGLE)
1 2 209.54.177.54 16509 (AMAZON-02)
2 2 135.125.160.160 16276 (OVH)
2 2 3.120.29.221 16509 (AMAZON-02)
1 1 66.155.71.149 13768 (COGECO-PEER1)
1 173.231.184.20 29791 (VOXEL-DOT...)
1 2a00:1450:400... 15169 (GOOGLE)
13 188.65.124.38 41690 (DAILYMOTI...)
1 184.25.50.162 20940 (AKAMAI-ASN1)
4 188.65.126.236 41690 (DAILYMOTI...)
1 199.232.198.49 54113 (FASTLY)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
2 2 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 151.101.2.137 54113 (FASTLY)
1 104.111.214.240 16625 (AKAMAI-AS)
2 162.247.243.146 13335 (CLOUDFLAR...)
1 151.101.114.132 ()
2 99.80.67.138 ()
1 2.18.232.28 ()
1 2600:9000:21f... ()
9 54.149.196.103 ()
5 70.42.32.191 ()
2 4 13.225.87.89 ()
561 96
1    104.244.42.69 (United States)

ASN13414 (TWITTER, US)
t.co
13    2a00:1450:4001:810::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.aiupnow.com
5    2a00:1450:4001:829::2009 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.blogger.com
resources.blogblog.com
1    2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com
contextual.media.net
11    151.139.128.11 (United States)

ASN20446 (HIGHWINDS3, US)
cdn.shareaholic.net
m9m6e2w5.stackpathcdn.com
1    2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
16    2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
4.bp.blogspot.com
1.bp.blogspot.com
yt3.ggpht.com
3.bp.blogspot.com
20    2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
20    172.66.41.9 (United States)

ASN13335 (CLOUDFLARENET, US)
resources.infolinks.com
router.infolinks.com
rt3054.infolinks.com
9    2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
apis.google.com
6    2a03:2880:f045:10:face:b00c:0:3 (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)
connect.facebook.net
scontent.xx.fbcdn.net
4    2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
7    2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
1    184.73.100.94 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-184-73-100-94.compute-1.amazonaws.com
www.shareaholic.net
38    2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
adservice.google.de
4    199.232.192.134 (United States)

ASN54113 (FASTLY, US)
sigma2.disqus.com
referrer.disqus.com
11    2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net
partner.googleadservices.com
pubads.g.doubleclick.net
9    2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
www.googletagservices.com
4    2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
15    2a02:6b8::1:119 (Moscow, Russian Federation)

ASN208722 (YNDX, FI)
mc.yandex.ru
mc.yandex.com
1    34.204.113.242 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-204-113-242.compute-1.amazonaws.com
analytics.shareaholic.com
8    188.65.124.90 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: fp.dc3.dailymotion.com
www.dailymotion.com
graphql.api.dailymotion.com
32    2a03:2880:f145:82:face:b00c:0:25de (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    2600:1901:1:c36:: (United States)

ASN15169 (GOOGLE, US)
open.spotify.com
46    2606:4700:3032::ac43:a881 (United States)

ASN13335 (CLOUDFLARENET, US)
snd.click
21    2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.youtube.com
feeds.feedburner.com
img.youtube.com
14    2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
16    2600:9000:21f3:7a00:6:8656:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
c.disquscdn.com
8    151.101.192.134 (United States)

ASN54113 (FASTLY, US)
disqus.com
1    107.20.140.231 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-20-140-231.compute-1.amazonaws.com
partner.shareaholic.com
1    34.73.247.27 (North Charleston, United States)

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: 27.247.73.34.bc.googleusercontent.com
www.saastr.com
1    2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
drive.google.com
2    2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
doc-0o-0c-docs.googleusercontent.com
1    2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
docs.google.com
1    141.193.213.21 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
blogs.windows.com
11    13.224.194.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-92.fra2.r.cloudfront.net
d2908q01vomqb2.cloudfront.net
1    2a00:1450:4001:812::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
accounts.google.com
18    178.79.242.16 (United States)

ASN22822 (LLNW, US)
PTR: https-178-79-242-16.fra.llnw.net
static1.dmcdn.net
vendorlist.dmcdn.net
s1.dmcdn.net
3    2a00:1288:80:800::7001 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)
s.yimg.com
2    52.216.101.51 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
media-mbst-pub-ue1.s3.amazonaws.com
2    2606:2800:233:af6:eab:2108:1892:6d8 (United States)

ASN15133 (EDGECAST, US)
o.aolcdn.com
5    2a04:4e42:62::760 (United States)

ASN54113 (FASTLY, US)
open.scdn.co
i.scdn.co
17    2606:4700::6812:bc37 (United States)

ASN13335 (CLOUDFLARENET, US)
www.windowscentral.com
1    2606:4700::6812:4c34 (United States)

ASN13335 (CLOUDFLARENET, US)
passport.mobilenations.com
14    188.65.124.59 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: ebed2.dm.gg
pebed.dm-event.net
3    2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
imasdk.googleapis.com
1    2606:4700::6810:a40d (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.viglink.com
1    54.86.62.20 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-86-62-20.compute-1.amazonaws.com
recs.shareaholic.com
1    172.66.42.247 (United States)

ASN13335 (CLOUDFLARENET, US)
rt3054.infolinks.com
1    104.16.139.31 (None, )

ASN13335 (CLOUDFLARENET, US)
api.bufferapp.com
1    217.20.152.207 (Russian Federation)

ASN47764 (MAILRU-AS Mail.Ru, RU)
PTR: ip207.152.odnoklassniki.ru
connect.ok.ru
1    184.30.24.193 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-24-193.deploy.static.akamaitechnologies.com
api.pinterest.com
1    151.101.193.140 (United States)

ASN54113 (FASTLY, US)
www.reddit.com
1    192.0.77.40 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: assets.tumblr.com
api.tumblr.com
1    87.240.190.72 (Russian Federation)

ASN47541 (VKONTAKTE-SPB-AS vk.com, RU)
PTR: srv72-190-240-87.vk.com
vk.com
1    2606:4700::6812:1a47 (United States)

ASN13335 (CLOUDFLARENET, US)
www.yummly.com
1    34.120.195.249 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 249.195.120.34.bc.googleusercontent.com
o22381.ingest.sentry.io
1    67.202.105.32 (United States)

ASN32748 (STEADFAST, US)
PTR: ip32.67-202-105.static.steadfastdns.net
de.tynt.com
8    2.18.234.21 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
1    51.89.9.254 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu
onetag-sys.com
4    198.47.127.18 (United States)

ASN3257 (GTT-BACKBONE GTT, US)
image8.pubmatic.com
2    198.47.127.20 (United States)

ASN3257 (GTT-BACKBONE GTT, US)
image4.pubmatic.com
4    185.33.221.91 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
ib.adnxs.com
1    35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com
u.openx.net
3    18.156.0.31 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
3    213.19.147.44 (United Kingdom)

ASN26120 (RHYTHMONE, US)
sync.1rx.io
sync.targeting.unrulymedia.com
3    52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
1    70.42.32.95 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com
b1sync.zemanta.com
1    178.162.133.149 (Rotterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com
sync.go.sonobi.com
1    52.19.63.112 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-63-112.eu-west-1.compute.amazonaws.com
s.cpx.to
1    174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)
dsp.adkernel.com
2    3.120.35.153 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-35-153.eu-central-1.compute.amazonaws.com
pixel.advertising.com
1    38.27.122.158 (United States)

ASN174 (COGENT-174, US)
match.bnmla.com
2    72.251.249.13 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)
ap.lijit.com
3    142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net
cm.g.doubleclick.net
1    185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
1    199.38.167.128 (United States)

ASN54312 (ROCKETFUEL, US)
p.rfihub.com
1    67.202.105.24 (United States)

ASN32748 (STEADFAST, US)
PTR: ip24.67-202-105.static.steadfastdns.net
ssc-cms.33across.com
6    2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ssl.gstatic.com
1    188.65.124.91 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: st.dc3.dailymotion.com
speedtest.dailymotion.com
40    2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
2    34.255.13.78 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-13-78.eu-west-1.compute.amazonaws.com
api.viglink.com
11    2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    209.54.177.54 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
2    135.125.160.160 (France)

ASN16276 (OVH, FR)
PTR: ns3198892.ip-135-125-160.eu
gu.dyntrk.com
2    3.120.29.221 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-29-221.eu-central-1.compute.amazonaws.com
pm.w55c.net
1    66.155.71.149 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)
pixel-sync.sitescout.com
1    173.231.184.20 (United States)

ASN29791 (VOXEL-DOT-NET, US)
PTR: lga-cassandra-1.sys.adgear.com
cm.adgrx.com
1    2a00:1450:4001:808::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
13    188.65.124.38 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: icscale-01-pub-ix7.vip.dailymotion.com
dmxleo.dailymotion.com
pdc.dmleonyc.com
ae-prod-onprem-ix7.dmxleo.com
ae.dmxleo.com
1    184.25.50.162 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-25-50-162.deploy.static.akamaitechnologies.com
s2.dmcdn.net
4    188.65.126.236 (France)

ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR)
PTR: proxy-019.dc3.dailymotion.com
proxy-019.dc3.dailymotion.com
1    199.232.198.49 (United States)

ASN54113 (FASTLY, US)
a.disquscdn.com
1    2a02:26f0:6c00:2a0::2a1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
is5-ssl.mzstatic.com
1    2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
youtube.com
1    2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2a02:26f0:6c00:285::1fcf (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
js-cdn.music.apple.com
1    2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
static.doubleclick.net
1    2606:4700:3031::ac43:d645 (United States)

ASN13335 (CLOUDFLARENET, US)
use.fontawesome.com
1    151.101.2.137 (United States)

ASN54113 (FASTLY, US)
js-agent.newrelic.com
1    104.111.214.240 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-214-240.deploy.static.akamaitechnologies.com
cdn.iubenda.com
2    162.247.243.146 (United States)

ASN13335 (CLOUDFLARENET, US)
bam-cell.nr-data.net
1    151.101.114.132 (None, )

ASN- ()
odb.outbrain.com
2    99.80.67.138 (None, )

ASN- ()
pixel.adsafeprotected.com
1    2.18.232.28 (None, )

ASN- ()
images.outbrainimg.com
1    2600:9000:21f3:5000:8:48e:53c0:93a1 (None, )

ASN- ()
static.adsafeprotected.com
9    54.149.196.103 (None, )

ASN- ()
dt.adsafeprotected.com
5    70.42.32.191 (None, )

ASN- ()
log.outbrainimg.com
mcdp-nydc1.outbrain.com
videoevents.outbrain.com
4    13.225.87.89 (None, )

ASN- ()
sb.scorecardresearch.com
Apex Domain
Subdomains		 Transfer
60 googlesyndication.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
682 KB
46 snd.click
snd.click Failed
451 KB
41 doubleclick.net
googleads.g.doubleclick.net
cm.g.doubleclick.net
static.doubleclick.net
pubads.g.doubleclick.net
252 KB
32 facebook.com
www.facebook.com Failed
163 KB
31 gstatic.com
fonts.gstatic.com
www.gstatic.com
ssl.gstatic.com
321 KB
27 google.com
apis.google.com
adservice.google.com
drive.google.com
docs.google.com
accounts.google.com
www.google.com
243 KB
21 infolinks.com
resources.infolinks.com
router.infolinks.com
rt3054.infolinks.com
157 KB
19 dmcdn.net
static1.dmcdn.net
vendorlist.dmcdn.net
s1.dmcdn.net
s2.dmcdn.net
836 KB
18 youtube.com
www.youtube.com
img.youtube.com
youtube.com
816 KB
17 windowscentral.com
www.windowscentral.com
589 KB
17 disquscdn.com
c.disquscdn.com
a.disquscdn.com
708 KB
15 dailymotion.com
www.dailymotion.com Failed
speedtest.dailymotion.com
dmxleo.dailymotion.com
proxy-019.dc3.dailymotion.com
graphql.api.dailymotion.com
262 KB
15 blogspot.com
4.bp.blogspot.com
1.bp.blogspot.com
3.bp.blogspot.com
102 KB
14 dm-event.net
pebed.dm-event.net
2 KB
13 yandex.com
mc.yandex.com
3 KB
13 aiupnow.com
www.aiupnow.com
426 KB
12 adsafeprotected.com
pixel.adsafeprotected.com
static.adsafeprotected.com
dt.adsafeprotected.com
99 KB
12 disqus.com
sigma2.disqus.com
disqus.com
referrer.disqus.com
113 KB
11 cloudfront.net
d2908q01vomqb2.cloudfront.net
5 MB
11 googleapis.com
ajax.googleapis.com
fonts.googleapis.com
imasdk.googleapis.com
480 KB
10 stackpathcdn.com
m9m6e2w5.stackpathcdn.com
124 KB
9 dmxleo.com
ae-prod-onprem-ix7.dmxleo.com
ae.dmxleo.com
3 KB
8 googletagservices.com
www.googletagservices.com
292 KB
8 casalemedia.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
8 KB
7 pubmatic.com
image8.pubmatic.com
image4.pubmatic.com
image2.pubmatic.com
2 KB
5 scdn.co
open.scdn.co
i.scdn.co
87 KB
5 feedburner.com
feeds.feedburner.com
4 KB
4 scorecardresearch.com
sb.scorecardresearch.com
4 KB
4 outbrain.com
odb.outbrain.com
mcdp-nydc1.outbrain.com
videoevents.outbrain.com
3 KB
4 adnxs.com
ib.adnxs.com
4 KB
4 google-analytics.com
www.google-analytics.com
59 KB
4 facebook.net
connect.facebook.net
195 KB
4 blogger.com
www.blogger.com
164 KB
3 outbrainimg.com
images.outbrainimg.com
log.outbrainimg.com
948 KB
3 adsrvr.org
match.adsrvr.org
1 KB
3 yahoo.com
ups.analytics.yahoo.com
1 KB
3 viglink.com
cdn.viglink.com
api.viglink.com
30 KB
3 yimg.com
s.yimg.com
1 MB
3 shareaholic.com
analytics.shareaholic.com
partner.shareaholic.com
recs.shareaholic.com
953 B
3 google.de
adservice.google.de
1 KB
2 dmleonyc.com
pdc.dmleonyc.com
185 B
2 nr-data.net
bam-cell.nr-data.net
1 KB
2 w55c.net
pm.w55c.net
1 KB
2 dyntrk.com
gu.dyntrk.com
850 B
2 amazon-adsystem.com
s.amazon-adsystem.com
1 KB
2 lijit.com
ap.lijit.com
1 KB
2 advertising.com
pixel.advertising.com
674 B
2 1rx.io
sync.1rx.io
1 KB
2 fbcdn.net
scontent.xx.fbcdn.net
61 KB
2 aolcdn.com
o.aolcdn.com
278 KB
2 amazonaws.com
media-mbst-pub-ue1.s3.amazonaws.com
440 KB
2 googleusercontent.com
doc-0o-0c-docs.googleusercontent.com
25 KB
2 yandex.ru
mc.yandex.ru
67 KB
2 spotify.com
open.spotify.com Failed
1 KB
2 bootstrapcdn.com
maxcdn.bootstrapcdn.com
84 KB
2 shareaholic.net
cdn.shareaholic.net
www.shareaholic.net
7 KB
1 iubenda.com
cdn.iubenda.com
5 KB
1 newrelic.com
js-agent.newrelic.com
13 KB
1 fontawesome.com
use.fontawesome.com
247 KB
1 apple.com
js-cdn.music.apple.com
54 KB
1 cloudflare.com
cdnjs.cloudflare.com
7 KB
1 googletagmanager.com
www.googletagmanager.com
36 KB
1 mzstatic.com
is5-ssl.mzstatic.com
214 KB
1 2mdn.net
s0.2mdn.net
17 KB
1 adgrx.com
cm.adgrx.com
408 B
1 sitescout.com
pixel-sync.sitescout.com
299 B
1 33across.com
ssc-cms.33across.com
72 B
1 rfihub.com
p.rfihub.com
757 B
1 bnmla.com
match.bnmla.com
114 B
1 adkernel.com
dsp.adkernel.com
233 B
1 cpx.to
s.cpx.to
945 B
1 sonobi.com
sync.go.sonobi.com
478 B
1 zemanta.com
b1sync.zemanta.com
288 B
1 unrulymedia.com
sync.targeting.unrulymedia.com
475 B
1 openx.net
u.openx.net
306 B
1 onetag-sys.com
onetag-sys.com
814 B
1 tynt.com
de.tynt.com
289 B
1 sentry.io
o22381.ingest.sentry.io
245 B
1 yummly.com
www.yummly.com
724 B
1 vk.com
vk.com
482 B
1 tumblr.com
api.tumblr.com
392 B
1 reddit.com
www.reddit.com
1 KB
1 pinterest.com
api.pinterest.com
415 B
1 ok.ru
connect.ok.ru
2 KB
1 bufferapp.com
api.bufferapp.com
410 B
1 mobilenations.com
passport.mobilenations.com
50 KB
1 windows.com
blogs.windows.com
291 KB
1 saastr.com
www.saastr.com
65 KB
1 ggpht.com
yt3.ggpht.com
2 KB
1 googleadservices.com
partner.googleadservices.com
645 B
1 blogblog.com
resources.blogblog.com
680 B
1 media.net
contextual.media.net
94 KB
1 t.co
t.co
725 B
561 93
Domain Requested by
46 snd.click www.aiupnow.com
ajax.googleapis.com
snd.click
40 tpc.googlesyndication.com googleads.g.doubleclick.net
pagead2.googlesyndication.com
tpc.googlesyndication.com
36 googleads.g.doubleclick.net pagead2.googlesyndication.com
ajax.googleapis.com
googleads.g.doubleclick.net
www.youtube.com
32 www.facebook.com www.aiupnow.com
ajax.googleapis.com
t.co
www.facebook.com
connect.facebook.net
20 pagead2.googlesyndication.com www.aiupnow.com
pagead2.googlesyndication.com
srcdoc
googleads.g.doubleclick.net
www.gstatic.com
www.googletagservices.com
t.co
tpc.googlesyndication.com
17 www.windowscentral.com www.aiupnow.com
16 static1.dmcdn.net www.dailymotion.com
static1.dmcdn.net
16 c.disquscdn.com sigma2.disqus.com
disqus.com
c.disquscdn.com
15 www.youtube.com apis.google.com
www.youtube.com
snd.click
www.aiupnow.com
14 pebed.dm-event.net www.dailymotion.com
static1.dmcdn.net
14 www.gstatic.com apis.google.com
static1.dmcdn.net
googleads.g.doubleclick.net
www.gstatic.com
14 router.infolinks.com resources.infolinks.com
router.infolinks.com
ssum-sec.casalemedia.com
13 mc.yandex.com 2 redirects www.aiupnow.com
mc.yandex.ru
13 www.aiupnow.com 1 redirects t.co
www.aiupnow.com
ajax.googleapis.com
11 www.google.com 8 redirects googleads.g.doubleclick.net
www.youtube.com
tpc.googlesyndication.com
11 d2908q01vomqb2.cloudfront.net www.aiupnow.com
11 fonts.gstatic.com fonts.googleapis.com
www.youtube.com
10 m9m6e2w5.stackpathcdn.com cdn.shareaholic.net
www.aiupnow.com
9 dt.adsafeprotected.com
9 apis.google.com www.aiupnow.com
apis.google.com
www.youtube.com
accounts.google.com
8 www.googletagservices.com googleads.g.doubleclick.net
8 disqus.com sigma2.disqus.com
c.disquscdn.com
7 3.bp.blogspot.com www.aiupnow.com
7 fonts.googleapis.com www.aiupnow.com
googleads.g.doubleclick.net
snd.click
6 ssl.gstatic.com accounts.google.com
www.aiupnow.com
5 ae-prod-onprem-ix7.dmxleo.com
5 dsum-sec.casalemedia.com 1 redirects ssum-sec.casalemedia.com
5 feeds.feedburner.com www.aiupnow.com
5 1.bp.blogspot.com www.aiupnow.com
4 sb.scorecardresearch.com 2 redirects
4 graphql.api.dailymotion.com static1.dmcdn.net
4 ae.dmxleo.com
4 proxy-019.dc3.dailymotion.com static1.dmcdn.net
4 ib.adnxs.com 4 redirects
4 image8.pubmatic.com 4 redirects
4 open.scdn.co open.spotify.com
open.scdn.co
4 adservice.google.com pagead2.googlesyndication.com
imasdk.googleapis.com
4 www.dailymotion.com www.aiupnow.com
ajax.googleapis.com
www.dailymotion.com
static1.dmcdn.net
4 www.google-analytics.com www.aiupnow.com
www.google-analytics.com
www.googletagmanager.com
t.co
4 connect.facebook.net www.aiupnow.com
connect.facebook.net
4 resources.infolinks.com www.aiupnow.com
t.co
resources.infolinks.com
4 www.blogger.com www.aiupnow.com
3 cm.g.doubleclick.net 3 redirects
3 match.adsrvr.org 2 redirects ssum-sec.casalemedia.com
3 ups.analytics.yahoo.com 3 redirects
3 ssum-sec.casalemedia.com 1 redirects router.infolinks.com
ssum-sec.casalemedia.com
3 rt3054.infolinks.com resources.infolinks.com
3 imasdk.googleapis.com www.dailymotion.com
static1.dmcdn.net
imasdk.googleapis.com
3 s.yimg.com www.aiupnow.com
3 adservice.google.de pagead2.googlesyndication.com
3 4.bp.blogspot.com www.aiupnow.com
2 videoevents.outbrain.com
2 log.outbrainimg.com
2 pixel.adsafeprotected.com static1.dmcdn.net
2 pdc.dmleonyc.com static1.dmcdn.net
2 bam-cell.nr-data.net js-agent.newrelic.com
2 youtube.com 2 redirects
2 referrer.disqus.com www.aiupnow.com
2 dmxleo.dailymotion.com static1.dmcdn.net
2 pm.w55c.net 2 redirects
2 gu.dyntrk.com 2 redirects
2 s.amazon-adsystem.com 1 redirects ssum-sec.casalemedia.com
2 api.viglink.com cdn.viglink.com
2 ap.lijit.com 2 redirects
2 pixel.advertising.com 2 redirects
2 sync.1rx.io 2 redirects
2 image4.pubmatic.com 2 redirects
2 scontent.xx.fbcdn.net www.facebook.com
2 o.aolcdn.com www.aiupnow.com
2 media-mbst-pub-ue1.s3.amazonaws.com www.aiupnow.com
2 doc-0o-0c-docs.googleusercontent.com 1 redirects www.aiupnow.com
2 mc.yandex.ru 1 redirects www.aiupnow.com
2 open.spotify.com www.aiupnow.com
ajax.googleapis.com
2 sigma2.disqus.com www.aiupnow.com
sigma2.disqus.com
2 maxcdn.bootstrapcdn.com www.aiupnow.com
maxcdn.bootstrapcdn.com
1 mcdp-nydc1.outbrain.com
1 static.adsafeprotected.com www.dailymotion.com
1 images.outbrainimg.com
1 odb.outbrain.com static1.dmcdn.net
1 pubads.g.doubleclick.net imasdk.googleapis.com
1 cdn.iubenda.com snd.click
1 js-agent.newrelic.com t.co
1 use.fontawesome.com snd.click
1 static.doubleclick.net www.youtube.com
1 js-cdn.music.apple.com snd.click
1 cdnjs.cloudflare.com snd.click
1 www.googletagmanager.com snd.click
1 is5-ssl.mzstatic.com snd.click
1 a.disquscdn.com www.aiupnow.com
1 s2.dmcdn.net www.dailymotion.com
1 s0.2mdn.net imasdk.googleapis.com
1 cm.adgrx.com ssum-sec.casalemedia.com
1 pixel-sync.sitescout.com 1 redirects
1 s1.dmcdn.net www.dailymotion.com
1 speedtest.dailymotion.com static1.dmcdn.net
1 vendorlist.dmcdn.net static1.dmcdn.net
1 ssc-cms.33across.com router.infolinks.com
1 p.rfihub.com 1 redirects
1 image2.pubmatic.com 1 redirects
1 match.bnmla.com router.infolinks.com
1 dsp.adkernel.com router.infolinks.com
1 s.cpx.to router.infolinks.com
1 sync.go.sonobi.com router.infolinks.com
1 b1sync.zemanta.com 1 redirects
1 sync.targeting.unrulymedia.com 1 redirects
1 u.openx.net router.infolinks.com
1 onetag-sys.com router.infolinks.com
1 de.tynt.com router.infolinks.com
1 o22381.ingest.sentry.io open.scdn.co
1 www.yummly.com m9m6e2w5.stackpathcdn.com
1 vk.com m9m6e2w5.stackpathcdn.com
1 api.tumblr.com m9m6e2w5.stackpathcdn.com
1 www.reddit.com m9m6e2w5.stackpathcdn.com
1 api.pinterest.com m9m6e2w5.stackpathcdn.com
1 connect.ok.ru m9m6e2w5.stackpathcdn.com
1 api.bufferapp.com m9m6e2w5.stackpathcdn.com
1 i.scdn.co open.spotify.com
1 recs.shareaholic.com m9m6e2w5.stackpathcdn.com
1 cdn.viglink.com m9m6e2w5.stackpathcdn.com
1 img.youtube.com www.aiupnow.com
1 passport.mobilenations.com www.aiupnow.com
1 accounts.google.com apis.google.com
1 blogs.windows.com www.aiupnow.com
1 docs.google.com 1 redirects
1 drive.google.com 1 redirects
1 www.saastr.com www.aiupnow.com
1 yt3.ggpht.com www.youtube.com
1 partner.shareaholic.com m9m6e2w5.stackpathcdn.com
1 analytics.shareaholic.com m9m6e2w5.stackpathcdn.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 www.shareaholic.net cdn.shareaholic.net
1 resources.blogblog.com www.aiupnow.com
1 ajax.googleapis.com www.aiupnow.com
1 cdn.shareaholic.net www.aiupnow.com
1 contextual.media.net www.aiupnow.com
1 t.co
561 136
Subject Issuer Validity Valid
t.co
DigiCert TLS RSA SHA256 2020 CA1		 2021-02-05 -
2022-02-04		 a year crt.sh
www.aiupnow.com
GTS CA 1D4		 2021-12-02 -
2022-03-02		 3 months crt.sh
*.blogger.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
*.media.net
DigiCert SHA2 Secure Server CA		 2021-04-12 -
2022-04-20		 a year crt.sh
cdn.shareaholic.net
R3		 2021-11-09 -
2022-02-07		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
misc-sni.blogspot.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-07-15 -
2022-07-14		 a year crt.sh
*.apis.google.com
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2021-09-24 -
2021-12-23		 3 months crt.sh
*.stackpathcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2021-05-31 -
2022-05-31		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh
*.shareaholic.net
R3		 2021-12-03 -
2022-03-03		 3 months crt.sh
*.disqus.com
DigiCert SHA2 Secure Server CA		 2020-04-20 -
2022-05-09		 2 years crt.sh
*.gstatic.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
*.google.com
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh
*.googleadservices.com
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh
*.google.de
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
mc.yandex.ru
Yandex CA		 2021-07-28 -
2022-01-07		 5 months crt.sh
shareaholic.com
Amazon		 2021-06-05 -
2022-07-04		 a year crt.sh
www.dailymotion.com
ZeroSSL RSA Domain Secure Site CA		 2021-12-11 -
2022-03-11		 3 months crt.sh
*.spotify.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-05-03 -
2022-05-03		 a year crt.sh
a.disquscdn.com
Amazon		 2021-10-31 -
2022-11-28		 a year crt.sh
*.shareaholic.com
R3		 2021-11-29 -
2022-02-27		 3 months crt.sh
*.googleusercontent.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
www.saastr.com
R3		 2021-11-23 -
2022-02-21		 3 months crt.sh
blogs.windows.com
Microsoft RSA TLS CA 01		 2021-11-05 -
2022-11-05		 a year crt.sh
misc.google.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
*.cloudfront.net
Amazon		 2021-03-19 -
2022-03-17		 a year crt.sh
accounts.google.com
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh
*.dmcdn.net
ZeroSSL RSA Domain Secure Site CA		 2021-11-10 -
2022-02-08		 3 months crt.sh
*.api.fantasysports.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2021-11-08 -
2021-12-29		 2 months crt.sh
*.s3.amazonaws.com
DigiCert Baltimore CA-2 G2		 2021-01-11 -
2022-02-11		 a year crt.sh
o.aolcdn.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-05-28 -
2022-06-02		 a year crt.sh
*.scdn.co
DigiCert TLS RSA SHA256 2020 CA1		 2021-08-06 -
2022-09-02		 a year crt.sh
windowscentral.com
Cloudflare Inc ECC CA-3		 2021-06-05 -
2022-06-04		 a year crt.sh
*.dm-event.net
ZeroSSL RSA Domain Secure Site CA		 2021-10-15 -
2022-01-13		 3 months crt.sh
ssl1029306.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2021-07-12 -
2022-06-30		 a year crt.sh
api.bufferapp.com
DigiCert SHA2 Secure Server CA		 2020-06-24 -
2022-08-16		 2 years crt.sh
*.ok.ru
GeoTrust RSA CA 2018		 2021-02-18 -
2022-03-21		 a year crt.sh
*.pinterest.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-07-26 -
2022-08-05		 a year crt.sh
*.reddit.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-05 -
2022-04-02		 6 months crt.sh
tumblr.com
DigiCert SHA2 Extended Validation Server CA		 2020-07-09 -
2022-04-14		 2 years crt.sh
*.vk.com
GlobalSign Organization Validation CA - SHA256 - G2		 2020-06-09 -
2022-06-10		 2 years crt.sh
*.ingest.sentry.io
R3		 2021-10-24 -
2022-01-22		 3 months crt.sh
*.tynt.com
Sectigo RSA Domain Validation Secure Server CA		 2021-09-23 -
2022-09-30		 a year crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2021-02-05 -
2022-02-09		 a year crt.sh
onetag-sys.com
R3		 2021-11-02 -
2022-01-31		 3 months crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2021-07-08 -
2022-08-08		 a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2020-12-06 -
2022-01-07		 a year crt.sh
*.adkernel.com
Sectigo RSA Domain Validation Secure Server CA		 2020-12-22 -
2022-01-05		 a year crt.sh
*.bnmla.com
Go Daddy Secure Certificate Authority - G2		 2021-01-06 -
2022-02-07		 a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2021-09-23 -
2022-09-30		 a year crt.sh
speedtest.dailymotion.com
ZeroSSL RSA Domain Secure Site CA		 2021-10-26 -
2022-01-24		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
viglink.com
Amazon		 2021-11-13 -
2022-12-11		 a year crt.sh
www.google.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2021-03-18 -
2022-04-19		 a year crt.sh
public1.adgear.com
Sectigo RSA Domain Validation Secure Server CA		 2021-02-24 -
2022-03-26		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh
dmxleo.dailymotion.com
ZeroSSL RSA Domain Secure Site CA		 2021-10-25 -
2022-01-23		 3 months crt.sh
api.dmcdn.net
R3		 2021-11-09 -
2022-02-07		 3 months crt.sh
*.dc3.dailymotion.com
ZeroSSL RSA Domain Secure Site CA		 2021-10-21 -
2022-01-19		 3 months crt.sh
*.disquscdn.com
GlobalSign Atlas R3 DV TLS CA 2020		 2021-03-22 -
2022-04-23		 a year crt.sh
itunes.apple.com
Apple Public EV Server RSA CA 2 - G1		 2021-06-22 -
2022-07-22		 a year crt.sh
authorize.music.apple.com
Apple Public EV Server RSA CA 2 - G1		 2021-01-06 -
2022-02-05		 a year crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA H2 2021		 2021-10-06 -
2022-11-07		 a year crt.sh
www.iubenda.com
DigiCert SHA2 Secure Server CA		 2021-03-26 -
2022-03-31		 a year crt.sh
*.nr-data.net
DigiCert SHA2 Secure Server CA		 2020-02-05 -
2022-02-08		 2 years crt.sh
playerdiagnosticscollector.dmxleo.com
ZeroSSL RSA Domain Secure Site CA		 2021-11-18 -
2022-02-16		 3 months crt.sh
adevents.dmxleo.com
ZeroSSL RSA Domain Secure Site CA		 2021-11-08 -
2022-02-06		 3 months crt.sh
*.outbrain.com
R3		 2021-12-02 -
2022-03-02		 3 months crt.sh
fw.adsafeprotected.com
Amazon		 2021-08-11 -
2022-09-09		 a year crt.sh
*.outbrainimg.com
DigiCert SHA2 Secure Server CA		 2021-05-04 -
2022-05-09		 a year crt.sh
static.adsafeprotected.com
Amazon		 2021-09-05 -
2022-10-04		 a year crt.sh
dt.adsafeprotected.com
Amazon		 2021-11-19 -
2022-12-18		 a year crt.sh
graphql.api.dailymotion.com
ZeroSSL RSA Domain Secure Site CA		 2021-10-27 -
2022-01-25		 3 months crt.sh

This page contains 59 frames:

Primary Page: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Frame ID: C195ECEB54289E6BED1507549C25518F
Requests: 176 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html
Frame ID: 9D87A33BA220E3A27803F641F1139D07
Requests: 1 HTTP requests in this frame

Frame: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Frame ID: BCCCB544108C9C9141DA6B394C74BC0C
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Frame ID: 49B5264F8867AAF550FA12C2D9EAA1F9
Requests: 1 HTTP requests in this frame

Frame: https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Frame ID: AE5CC490520CF9F0FB3F4277020902B3
Requests: 1 HTTP requests in this frame

Frame: https://snd.click/mjI0tjt?embed=1
Frame ID: 056BD018EBF85AA3AEB7F61EE2640D28
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=743980787&adf=3719817289&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766434&bpp=14&bdt=157&idt=161&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=6217839419993&frm=20&pv=2&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=655&ady=113&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=xFYYDjuqkS&p=https%3A//www.aiupnow.com&dtd=173
Frame ID: 71715028C18C66420AD7AAED56BA838C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766616&bpp=1&bdt=338&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3465&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=mJaJBCYa8E&p=https%3A//www.aiupnow.com&dtd=5
Frame ID: 8BACD8CD349DECC420212D375C19288F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766449&bpp=1&bdt=171&idt=202&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yrheaW2R69&p=https%3A//www.aiupnow.com&dtd=209
Frame ID: 111B9A7F9711692BB51F1CBA0D3647C2
Requests: 13 HTTP requests in this frame

Frame: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Frame ID: 94075707A6D29A1BD94C77B36F3D3A45
Requests: 73 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Frame ID: 2DC3758C4DA45C2D503D95DEF7FC7AD3
Requests: 31 HTTP requests in this frame

Frame: https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Frame ID: 1C4DFC7634E4DFE997B70A8CCBF412CF
Requests: 7 HTTP requests in this frame

Frame: https://snd.click/mjI0tjt?embed=1
Frame ID: 10D1F9452E902E7648FA27447C7326A1
Requests: 59 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766616&bpp=1&bdt=338&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3465&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=mJaJBCYa8E&p=https%3A//www.aiupnow.com&dtd=5
Frame ID: 8FA74A2A74DB0D24CAB2700AA4E49EBB
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&adk=1812271804&adf=3025194257&lmt=1639580699&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&ea=0&flash=0&host=ca-host-pub-1556223355139109&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766721&bpp=2&bdt=444&idt=2&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=9&uci=a!9&fsb=1&dtd=38
Frame ID: 062054903285C68F820D509B6C4A9340
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Frame ID: 6C8636F761E9F4F58C67E66AD49188DC
Requests: 6 HTTP requests in this frame

Frame: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Frame ID: 4101E0550F8B51D72CEC0625660EF607
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766449&bpp=1&bdt=172&idt=395&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=hFlesZyNb0&p=https%3A//www.aiupnow.com&dtd=403
Frame ID: 36DAB672F29F120139726917FCC0CB44
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766471&bpp=2&bdt=193&idt=433&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=NgnToCu2Ou&p=https%3A//www.aiupnow.com&dtd=437
Frame ID: 3E7069FDCE6FD8ACAE2F0352FAEDB71B
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766526&bpp=4&bdt=248&idt=419&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=08EpsWnfa3&p=https%3A//www.aiupnow.com&dtd=428
Frame ID: DD2D856D00479BB37CF89A3310035439
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766573&bpp=1&bdt=295&idt=463&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=SDdx8B8AWf&p=https%3A//www.aiupnow.com&dtd=467
Frame ID: 32FBF6C4A02C918F8CF3D2779F9D7AA1
Requests: 9 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
Frame ID: C2BF6B7FA3BF3E87BB4E5897E69A6AA9
Requests: 10 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.aiupnow.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Frame ID: DBFC9CADA160AAB80930594A88EA59E1
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766575&bpp=1&bdt=297&idt=564&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3067&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=tPJEadH44t&p=https%3A//www.aiupnow.com&dtd=568
Frame ID: C0DAFACC9695E2B965A90C8EF031F85B
Requests: 10 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Frame ID: DE042005C7965E2FA93AD12D3B80DFF4
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Frame ID: 300CE96EC401E5AB2FDC2C3C14BA290D
Requests: 10 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90
Frame ID: FA276D6FB531142F3EFBBC9D5B7505E4
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: 58D925C0877742CB9359F167737671E8
Requests: 3 HTTP requests in this frame

Frame: https://disqus.com/recommendations/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A
Frame ID: DAB45AE4467ECA4D13B3D5124E68A48F
Requests: 8 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 831884FCDD8DD2B723F324514021C7E5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: B0D99B5CB42D94FAA2543B1DBEFFFFE9
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.492.0_en.html
Frame ID: 6EDF6A9B22CC4B2F46CC46E5B111FFEE
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: ABED9286D35C37B761EB9FF7E500A20A
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: C9F723CC954D162527503BBE17283D89
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 242AC0E277B3968247A5F24B322693C9
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: D9F0DDF0D636116DF69B490579E491B4
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 81BA4071ECED4BA1899A513E96B9F8F2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 37B05D80A868A88A9B5ECC8B86C6FB6B
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
Frame ID: A64604EF86BFBBE810D6EB9172E7BA40
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Frame ID: 7ABAB2EC36C1C3C0AE605F9542B7CE6D
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Frame ID: 297E2B193A5BF7AA5AEA5863C053AB34
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
Frame ID: 65E1A2211EEC648D9DDC714549E4B1D9
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Frame ID: 1B0C050638BFA3E3D1ADE77CD1D17B90
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
Frame ID: A7E3797AB991E38A5BE0A293A8DB811E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
Frame ID: F94582144AB1084C0D3C65186DB3DE5B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
Frame ID: 3F99826E8763C26F5398FCEE5DFC3EAD
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
Frame ID: CE8F0DBAC54D3919EA4B21DB9AC6F781
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 67DBDFB6EC43DB68BC92872E2863BCE8
Requests: 7 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Frame ID: 9BB80634CCA94B911F83B24C0DAAAFF9
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Frame ID: FF484B6246EFE3DF247CD1CAC8B3D577
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: C3EAC3E5080FBA16C238FCEA83D9DE57
Requests: 2 HTTP requests in this frame

Frame: https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Frame ID: D9578D421221A52243FBF76EA9A7B1EC
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: F8606B078D0D298E8D14CE7AB5792068
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
Frame ID: 0B7BE2B7C4E692309B101AF193DA622E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
Frame ID: 84EE904F97FA84908709FAAC6336E1E2
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.0/plugins/comments.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfd831d28064058%26domain%3Dwww.aiupnow.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.aiupnow.com%252Ffc42c776f2b6e%26relation%3Dparent.parent&color_scheme=light&container_width=0&height=100&href=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&locale=en_US&numposts=5&sdk=joey&version=v2.0&width=
Frame ID: 049C370A9BE1F1A22D64D3D3AF3A1A5C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: EF2EE8237E03CB2481C5C4BC84E1E9BA
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: FEA9A4AE358AED9A42354358F3097CA3
Requests: 2 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: F81A2B51FB7AD479B0C3E6D494CCE0FC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials #Cybersecurity - The Entrepreneurial Way with A.I.

Page URL History Show full URLs

  1. https://t.co/IMBWIxzlWq Page URL
  2. http://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html HTTP 301
    https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html Page URL

Page Statistics

561
Requests

95 %
HTTPS

40 %
IPv6

93
Domains

136
Subdomains

96
IPs

8
Countries

16774 kB
Transfer

29768 kB
Size

75
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/IMBWIxzlWq Page URL
  2. http://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html HTTP 301
    https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36
  • https://open.spotify.com/follow/1/?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light HTTP 301
  • https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Request Chain 56
  • https://open.spotify.com/follow/1/?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light HTTP 301
  • https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Request Chain 93
  • https://drive.google.com/uc?id=1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH HTTP 302
  • https://doc-0o-0c-docs.googleusercontent.com/docs/securesc/n4tt96pmlq8gcqn3bf4ktb9vdim3i29o/o5l5leio1ut9fon82sq61440dhotgcj3/1639597725000/04172779913741121811/14799480645933431078Z/1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH HTTP 302
  • https://docs.google.com/nonceSigner?nonce=8qc6r52gpbh96&continue=https://doc-0o-0c-docs.googleusercontent.com/docs/securesc/n4tt96pmlq8gcqn3bf4ktb9vdim3i29o/o5l5leio1ut9fon82sq61440dhotgcj3/1639597725000/04172779913741121811/14799480645933431078Z/1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH&hash=92ib0v3o6n33sqh9n8eu09dem7an460b HTTP 302
  • https://doc-0o-0c-docs.googleusercontent.com/docs/securesc/n4tt96pmlq8gcqn3bf4ktb9vdim3i29o/o5l5leio1ut9fon82sq61440dhotgcj3/1639597725000/04172779913741121811/14799480645933431078Z/1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH?nonce=8qc6r52gpbh96&user=14799480645933431078Z&hash=rdqkpgrqp3mfcbh2dtj5jr201nv39g5o
Request Chain 136
  • https://mc.yandex.com/sync_cookie_image_check HTTP 302
  • https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9488.yBD6OooPph0YhHkdvysa0fIFWNspswJDDq_-OIdV7glk-XPbZYPQaUb_6-pI0ef4.yIv5QxMbJYilsz9O011OVE-4yFs%2C HTTP 302
  • https://mc.yandex.com/sync_cookie_image_decide?token=9488.wBjxFeK7vclJkKhmvzToi20KoqPAQjtUTCAuxaOFw4t-ocmVozMDKgQCmP1VrDGX0r7gwUvcCbgoqfzuSBZYDw%2C%2C.AxV6lBxREQ6fUk0zEFcO5rJ72Uo%2C
Request Chain 223
  • https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Request Chain 225
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID&rdf=1 HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?p=156872&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fpbm-usync%3Fuid%3DDB27BCFB-049B-4C7D-880C-0FAA4FF40F37 HTTP 302
  • https://router.infolinks.com/dyn/pbm-usync?uid=DB27BCFB-049B-4C7D-880C-0FAA4FF40F37
Request Chain 226
  • https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID HTTP 302
  • https://router.infolinks.com/dyn/apn-usync?user_id=4698782594569488495
Request Chain 228
  • https://ups.analytics.yahoo.com/ups/58422/occ HTTP 302
  • https://ups.analytics.yahoo.com/ups/58422/occ?verify=true HTTP 302
  • https://router.infolinks.com/dyn/VR-usync?uid=y-DF03DjZE2uFq6CQ3Cx4PgTZLKm8CFmUAzrgjUUw-~A
Request Chain 229
  • https://sync.1rx.io/usersync2/infolinks HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3778081612 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3778081612 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/943e32d1-329a-459e-9174-6c314397aa75 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-4ae237c3-3670-48ad-9645-58db8dee2626-003?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fr1-usync%3Fuid%3DRX-4ae237c3-3670-48ad-9645-58db8dee2626-003 HTTP 302
  • https://router.infolinks.com/dyn/r1-usync?uid=RX-4ae237c3-3670-48ad-9645-58db8dee2626-003
Request Chain 230
  • https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__ HTTP 302
  • https://router.infolinks.com/dyn/zmn-usync?uid=
Request Chain 232
  • https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fwww.aiupnow.com%252F2021%252F12%252Fhackers-using-malicious-iis-server.html&pid=12306&adnxs_uid=$UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fwww.aiupnow.com%25252F2021%25252F12%25252Fhackers-using-malicious-iis-server.html%26pid%3D12306%26adnxs_uid%3D%24UID HTTP 302
  • https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&pid=12306&adnxs_uid=4698782594569488495
Request Chain 234
  • https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
  • https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP1ca20380-5de0-11ec-9300-06a1c97fae8c HTTP 302
  • https://router.infolinks.com/dyn/outh-usync?uid=y-JjE8PO9E2uEcCTwca_SrLhbDo0NCSyOS~A~UP1ca20380-5de0-11ec-9300-06a1c97fae8c
Request Chain 236
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID HTTP 307
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID&sovrn_retry=true HTTP 307
  • https://router.infolinks.com/dyn/sovrn-usync?uid=80e385a2cd395028e7ada327
Request Chain 237
  • https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fusersync%253Fpmuservalue%253D%2523PMUID HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=REIyN0JDRkItMDQ5Qi00QzdELTg4MEMtMEZBQTRGRjQwRjM3&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3DDB27BCFB-049B-4C7D-880C-0FAA4FF40F37 HTTP 302
  • https://router.infolinks.com/dyn/usersync?pmuservalue=DB27BCFB-049B-4C7D-880C-0FAA4FF40F37
Request Chain 238
  • https://p.rfihub.com/cm?pub=43153&in=1 HTTP 302
  • https://router.infolinks.com/dyn/zeta-usync?uid=2810316550540409308
Request Chain 271
  • https://mc.yandex.com/watch/53791720?wmode=7&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&page-ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aykcyjkqfph1z85b6in%3Afp%3A568%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A720%3Acn%3A1%3Adp%3A0%3Als%3A527820595439%3Ahid%3A371238071%3Az%3A0%3Ai%3A20211215194927%3Aet%3A1639597767%3Ac%3A1%3Arn%3A328365957%3Arqn%3A1%3Au%3A1639597767748546093%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1639597765853%3Ads%3A0%2C26%2C197%2C82%2C198%2C0%2C%2C408%2C83%2C%2C%2C%2C836%3Adsn%3A0%2C27%2C197%2C81%2C199%2C0%2C%2C329%2C83%2C%2C%2C%2C836%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1639597768%3At%3AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%20-%20The%20Entrepreneurial%20Way%20with%20A.I.&t=gdpr(14)aw(1)ti(2) HTTP 302
  • https://mc.yandex.com/watch/53791720/1?wmode=7&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&page-ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aykcyjkqfph1z85b6in%3Afp%3A568%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A720%3Acn%3A1%3Adp%3A0%3Als%3A527820595439%3Ahid%3A371238071%3Az%3A0%3Ai%3A20211215194927%3Aet%3A1639597767%3Ac%3A1%3Arn%3A328365957%3Arqn%3A1%3Au%3A1639597767748546093%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1639597765853%3Ads%3A0%2C26%2C197%2C82%2C198%2C0%2C%2C408%2C83%2C%2C%2C%2C836%3Adsn%3A0%2C27%2C197%2C81%2C199%2C0%2C%2C329%2C83%2C%2C%2C%2C836%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1639597768%3At%3AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%20-%20The%20Entrepreneurial%20Way%20with%20A.I.&t=gdpr%2814%29aw%281%29ti%282%29
Request Chain 296
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbpGxyxA38x5_C53HMfxAgAABGUAAAAB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbpGxyxA38x5_C53HMfxAgAABGUAAAAB&dcc=t
Request Chain 298
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YbpGxyxA38x5_C53HMfxAgAABGUAAAAB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEHrLtN7Aoj4oY6WAEpF5A7A&google_cver=1
Request Chain 299
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YbpGxyxA38x5-C53HMfxAgAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESENKsDhhBcSx0y2C79SPv9qU&google_cver=1&gdpr=1
Request Chain 300
  • https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1 HTTP 302
  • https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1&prevuid=&knw=0 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
Request Chain 301
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=8mQzji861MXAhi5&gdpr=1
Request Chain 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1642189768
Request Chain 355
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 363
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 365
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 373
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 376
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 406
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 457
  • https://youtube.com/embed//RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer HTTP 303
  • https://youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer HTTP 301
  • https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Request Chain 462
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 465
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 566
  • https://sb.scorecardresearch.com/p?c1=19&c2=4000005&ns_ap_an=unknown&ns_ap_pn=js&ns_ap_pv=5&c12=_&name=foreground&ns_ap_ec=1&ns_ap_ev=start&ns_ap_device=Linux%20x86_64&ns_ap_id=1639597783628&ns_ap_csf=1&ns_ap_bi=unknown&ns_ap_pfm=webbrowser&ns_ap_pfv=Chrome%2096.0.4664.93&ns_ap_ver=unknown&ns_ap_sv=7.6.0.210114&ns_ap_bv=7.6.0.210114&ns_ap_smv=6.4&ns_type=view&ns_ap_gs=1639597778619&ns_ts=1639597778619&ns_ap_cfg=1110101-110-3C-7D0-A-1F-1E-1E-12C-A&ns_ap_env=0-0-2&ns_ap_ut=60000&ns_ap_ar=unknown&ns_ap_cs=1&ns_ap_fg=1&ns_ap_dft=0&ns_ap_dbt=0&ns_ap_dit=0&ns_ap_as=1&ns_ap_das=0&ns_ap_usage=0&ns_radio=unknown&gdpr=1&gdpr_consent=&ns_ap_install=1639597778619&ns_ap_ft=0&ns_ap_bt=0&ns_ap_it=0&ns_ap_res=340x191&ns_ap_sd=1600x1200&ns_ap_po=0x0&ns_ap_lang=en-US&ns_ap_jb=unknown&ns_c=UTF-8&c7=https%3A%2F%2Fwww.dailymotion.com%2Fembed%2Fvideo%2Fx7zgqmr%3Fautoplay%3D1%26mute%3D1&c8=Dailymotion%20Video%20Player&c9=https%3A%2F%2Fwww.aiupnow.com%2F HTTP 302
  • https://sb.scorecardresearch.com/p2?c1=19&c2=4000005&ns_ap_an=unknown&ns_ap_pn=js&ns_ap_pv=5&c12=_&name=foreground&ns_ap_ec=1&ns_ap_ev=start&ns_ap_device=Linux%20x86_64&ns_ap_id=1639597783628&ns_ap_csf=1&ns_ap_bi=unknown&ns_ap_pfm=webbrowser&ns_ap_pfv=Chrome%2096.0.4664.93&ns_ap_ver=unknown&ns_ap_sv=7.6.0.210114&ns_ap_bv=7.6.0.210114&ns_ap_smv=6.4&ns_type=view&ns_ap_gs=1639597778619&ns_ts=1639597778619&ns_ap_cfg=1110101-110-3C-7D0-A-1F-1E-1E-12C-A&ns_ap_env=0-0-2&ns_ap_ut=60000&ns_ap_ar=unknown&ns_ap_cs=1&ns_ap_fg=1&ns_ap_dft=0&ns_ap_dbt=0&ns_ap_dit=0&ns_ap_as=1&ns_ap_das=0&ns_ap_usage=0&ns_radio=unknown&gdpr=1&gdpr_consent=&ns_ap_install=1639597778619&ns_ap_ft=0&ns_ap_bt=0&ns_ap_it=0&ns_ap_res=340x191&ns_ap_sd=1600x1200&ns_ap_po=0x0&ns_ap_lang=en-US&ns_ap_jb=unknown&ns_c=UTF-8&c7=https%3A%2F%2Fwww.dailymotion.com%2Fembed%2Fvideo%2Fx7zgqmr%3Fautoplay%3D1%26mute%3D1&c8=Dailymotion%20Video%20Player&c9=https%3A%2F%2Fwww.aiupnow.com%2F
Request Chain 567
  • https://sb.scorecardresearch.com/p?c1=19&c2=4000005&ns_ap_an=unknown&ns_ap_pn=js&ns_ap_pv=5&c12=_&name=foreground&ns_ap_ec=2&ns_ap_ev=hidden&ns_ap_device=Linux%20x86_64&ns_ap_id=1639597783628&ns_ap_bi=unknown&ns_ap_pfm=webbrowser&ns_ap_pfv=Chrome%2096.0.4664.93&ns_ap_ver=unknown&ns_ap_sv=7.6.0.210114&ns_ap_bv=7.6.0.210114&ns_ap_smv=6.4&ns_type=hidden&ns_ts=1639597779874&ns_ap_env=0-0-2&ns_st_sv=7.6.0.210114&ns_st_smv=6.4&ns_st_it=c&ns_st_id=cc2ecf73baed48448bf1c4a56f7618d2&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_sp=1&ns_st_sc=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_dppc=1&ns_st_dapc=1&ns_st_dspc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_po=0&ns_st_lda=0&ns_st_ldw=0&ns_st_ldo=0&ns_st_hd=10001&ns_st_mp=unknown&ns_st_mv=unknown&ns_st_cl=10000&ns_st_pn=1&ns_st_tp=1&ns_st_ct=va11&ns_st_ad=pre-roll&ns_st_li=0&ns_st_ty=video&ns_st_ci=x7zgqmr&ns_ap_ar=unknown&ns_ap_cs=1&ns_radio=unknown&ns_st_pt=0&ns_st_ipt=0&ns_st_iap=0&ns_st_iet=0&ns_st_iupc=0&ns_st_iupa=0&ns_st_ilpc=0&ns_st_ilpa=0&ns_st_ibc=0&ns_st_ibt=0&ns_st_itpc=0&ns_st_icpc=0&ns_st_cfg=111110001-5-4b0-3-5&ns_st_rcn=2&ns_st_cpo=0&c3=Dailymotion_Music&c4=0400&c6=*null&ns_st_bn=1&ns_st_an=1&ns_st_ce=*null&ns_st_ia=*null&ns_st_pu=BruceDayne&ns_st_st=BruceDayne&ns_st_pr=Aerobic%20Trap%20Melody%20-%20Smooth%20Trap%20Beat%20%7C%20Instrumental%20Music&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_ge=BruceDayne%2CBeats%20by%20BruceDayne%2CTrap%20Bluez%2Ctrapbluez%2Ctrap%20type%20beat%202021%2Ctrap%20type%20beats%202021%2Ctrap%20instrumental%202021%2Caerobic%2Caerobic%20trap%20beat%2Caerobic%20trap%20type%20beat%2Caerobic%20trap%20type%20beats%2Caerobic%20hip%20hop%20beat%2Caerobic%20hip%20hop%20instrumental%2Caerobic%20trap%20instrumental%2Caerobic%20type%20beat%2Caerobic%20type%20beats%2Caerobic%20type%20beat%202021%2Ctrap%20type%20beat%202020%2Ctrap%20type%20beat%20free%20for%20profit%2Ctrap%20type%20beat%202019%2Ctrap%20type%20beat%20free%2Ctrap%20type%20beat%20instrumental%2Ctrap%20type%20beat%20with%20hook%2Ctrap%20type%20beat%202020%20free%2Ctrap%20type%20beat%20anuel%2Ctrap%20type%20beat%20anime%2Ctrap%20type%20beat%20asap%20rocky%2Ctrap%20type%20beat%20artwork%2Caggressive%20trap%20type%20beat%2Ctrap%20type%20beat%20afro%2Ctrap%20type%20beat%20atlanta%2Ctrap%20type%20beat%20asan%2Ca%20boogie%20trap%20type%20beat%2Ctrap%20type%20beat%20bass%2Ctrap%20type%20beat%20bass%20boosted%2Ctrap%20type%20beat%20bad%20bunny%2Ctrap%20type%20beat%20boo%2Ctrap%20type%20beat%20boom%20bap%2Ctrap%20type%20beat%20banger%2Ctrap%20type%20beat%20bryant%20myers%2Ctrap%20type%20beat%20bells%2Csmooth%20rb%20trap%20type%20beat%2Cr%20n%20b%20trap%20type%20beat%2Crnb%20trap%20type%20beat%202020%2C90s%20rnb%20trap%20type%20beat%2Ccardi%20b%20trap%20type%20beat%2Crb%20trap%20type%20beat%20playlist%2Ctrap%20rnb%20type%20beats%2C808%20rb%20trap%20type%20beat&ns_st_dskc=0&ns_st_dska=0&ns_st_skd=0&ns_st_dskt=0&ns_st_dpc=0&gdpr=1&gdpr_consent=&ns_ap_res=340x191&ns_ap_sd=1600x1200&ns_ap_po=0x0&ns_ap_lang=en-US&ns_c=UTF-8&ns_st_lt=12209&ns_st_br=0&ns_st_rt=100&ns_st_vo=100&ns_st_pb=1&ns_st_dpt=0&ns_st_ap=0&ns_st_dap=0&ns_st_et=0&ns_st_det=0&ns_st_upc=0&ns_st_dupc=0&ns_st_upa=0&ns_st_dupa=0&ns_st_lpc=0&ns_st_dlpc=0&ns_st_lpa=0&ns_st_dlpa=0&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_dtpc=0&ns_st_dcpc=0&ns_st_skc=0&ns_st_ska=0&ns_st_skt=0&ns_st_pc=0&ns_st_pp=0&ns_st_pa=0&c7=https%3A%2F%2Fwww.dailymotion.com%2Fembed%2Fvideo%2Fx7zgqmr%3Fautoplay%3D1%26mute%3D1&c8=Dailymotion%20Video%20Player&c9=https%3A%2F%2Fwww.aiupnow.com%2F&ns_st_ub=0&ns_st_ti=*null HTTP 302
  • https://sb.scorecardresearch.com/p2?c1=19&c2=4000005&ns_ap_an=unknown&ns_ap_pn=js&ns_ap_pv=5&c12=_&name=foreground&ns_ap_ec=2&ns_ap_ev=hidden&ns_ap_device=Linux%20x86_64&ns_ap_id=1639597783628&ns_ap_bi=unknown&ns_ap_pfm=webbrowser&ns_ap_pfv=Chrome%2096.0.4664.93&ns_ap_ver=unknown&ns_ap_sv=7.6.0.210114&ns_ap_bv=7.6.0.210114&ns_ap_smv=6.4&ns_type=hidden&ns_ts=1639597779874&ns_ap_env=0-0-2&ns_st_sv=7.6.0.210114&ns_st_smv=6.4&ns_st_it=c&ns_st_id=cc2ecf73baed48448bf1c4a56f7618d2&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_sp=1&ns_st_sc=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_dppc=1&ns_st_dapc=1&ns_st_dspc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_po=0&ns_st_lda=0&ns_st_ldw=0&ns_st_ldo=0&ns_st_hd=10001&ns_st_mp=unknown&ns_st_mv=unknown&ns_st_cl=10000&ns_st_pn=1&ns_st_tp=1&ns_st_ct=va11&ns_st_ad=pre-roll&ns_st_li=0&ns_st_ty=video&ns_st_ci=x7zgqmr&ns_ap_ar=unknown&ns_ap_cs=1&ns_radio=unknown&ns_st_pt=0&ns_st_ipt=0&ns_st_iap=0&ns_st_iet=0&ns_st_iupc=0&ns_st_iupa=0&ns_st_ilpc=0&ns_st_ilpa=0&ns_st_ibc=0&ns_st_ibt=0&ns_st_itpc=0&ns_st_icpc=0&ns_st_cfg=111110001-5-4b0-3-5&ns_st_rcn=2&ns_st_cpo=0&c3=Dailymotion_Music&c4=0400&c6=*null&ns_st_bn=1&ns_st_an=1&ns_st_ce=*null&ns_st_ia=*null&ns_st_pu=BruceDayne&ns_st_st=BruceDayne&ns_st_pr=Aerobic%20Trap%20Melody%20-%20Smooth%20Trap%20Beat%20%7C%20Instrumental%20Music&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_ge=BruceDayne%2CBeats%20by%20BruceDayne%2CTrap%20Bluez%2Ctrapbluez%2Ctrap%20type%20beat%202021%2Ctrap%20type%20beats%202021%2Ctrap%20instrumental%202021%2Caerobic%2Caerobic%20trap%20beat%2Caerobic%20trap%20type%20beat%2Caerobic%20trap%20type%20beats%2Caerobic%20hip%20hop%20beat%2Caerobic%20hip%20hop%20instrumental%2Caerobic%20trap%20instrumental%2Caerobic%20type%20beat%2Caerobic%20type%20beats%2Caerobic%20type%20beat%202021%2Ctrap%20type%20beat%202020%2Ctrap%20type%20beat%20free%20for%20profit%2Ctrap%20type%20beat%202019%2Ctrap%20type%20beat%20free%2Ctrap%20type%20beat%20instrumental%2Ctrap%20type%20beat%20with%20hook%2Ctrap%20type%20beat%202020%20free%2Ctrap%20type%20beat%20anuel%2Ctrap%20type%20beat%20anime%2Ctrap%20type%20beat%20asap%20rocky%2Ctrap%20type%20beat%20artwork%2Caggressive%20trap%20type%20beat%2Ctrap%20type%20beat%20afro%2Ctrap%20type%20beat%20atlanta%2Ctrap%20type%20beat%20asan%2Ca%20boogie%20trap%20type%20beat%2Ctrap%20type%20beat%20bass%2Ctrap%20type%20beat%20bass%20boosted%2Ctrap%20type%20beat%20bad%20bunny%2Ctrap%20type%20beat%20boo%2Ctrap%20type%20beat%20boom%20bap%2Ctrap%20type%20beat%20banger%2Ctrap%20type%20beat%20bryant%20myers%2Ctrap%20type%20beat%20bells%2Csmooth%20rb%20trap%20type%20beat%2Cr%20n%20b%20trap%20type%20beat%2Crnb%20trap%20type%20beat%202020%2C90s%20rnb%20trap%20type%20beat%2Ccardi%20b%20trap%20type%20beat%2Crb%20trap%20type%20beat%20playlist%2Ctrap%20rnb%20type%20beats%2C808%20rb%20trap%20type%20beat&ns_st_dskc=0&ns_st_dska=0&ns_st_skd=0&ns_st_dskt=0&ns_st_dpc=0&gdpr=1&gdpr_consent=&ns_ap_res=340x191&ns_ap_sd=1600x1200&ns_ap_po=0x0&ns_ap_lang=en-US&ns_c=UTF-8&ns_st_lt=12209&ns_st_br=0&ns_st_rt=100&ns_st_vo=100&ns_st_pb=1&ns_st_dpt=0&ns_st_ap=0&ns_st_dap=0&ns_st_et=0&ns_st_det=0&ns_st_upc=0&ns_st_dupc=0&ns_st_upa=0&ns_st_dupa=0&ns_st_lpc=0&ns_st_dlpc=0&ns_st_lpa=0&ns_st_dlpa=0&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_dtpc=0&ns_st_dcpc=0&ns_st_skc=0&ns_st_ska=0&ns_st_skt=0&ns_st_pc=0&ns_st_pp=0&ns_st_pa=0&c7=https%3A%2F%2Fwww.dailymotion.com%2Fembed%2Fvideo%2Fx7zgqmr%3Fautoplay%3D1%26mute%3D1&c8=Dailymotion%20Video%20Player&c9=https%3A%2F%2Fwww.aiupnow.com%2F&ns_st_ub=0&ns_st_ti=*null

561 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
IMBWIxzlWq
t.co/ 		406 B
725 B 		Document
General
Check archive.org
Download Go to
Full URL
https://t.co/IMBWIxzlWq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
Security Headers
Name Value
Content-Security-Policy referrer always;
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Wed, 15 Dec 2021 19:49:25 GMT
vary
Origin
server
tsa_o
expires
Wed, 15 Dec 2021 19:54:25 GMT
content-type
text/html; charset=utf-8
cache-control
private,max-age=300
content-length
235
referrer-policy
unsafe-url
content-encoding
gzip
x-xss-protection
0
content-security-policy
referrer always;
strict-transport-security
max-age=0
x-response-time
124
x-connection-hash
9ba95965bc1852eed8e7d548d4f75b19d2b03fc894d65a8b383584dfcc73d717
Primary Request hackers-using-malicious-iis-server.html
www.aiupnow.com/2021/12/
Redirect Chain
  • http://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
  • https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
302 KB
57 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
1b1b92a4c0234d53798901f1e3c471cd982ad4cf646b9505484d0e873c728e88
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://t.co/IMBWIxzlWq

Response headers

content-type
text/html; charset=UTF-8
expires
Wed, 15 Dec 2021 19:49:26 GMT
date
Wed, 15 Dec 2021 19:49:26 GMT
cache-control
private, max-age=0
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
etag
W/"fb9de84564f5fb89ea07f81b31b74fdca36f4721d1580f2f3bbe4d1be0d4b6e7"
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
57745
server
GSE

Redirect headers

Location
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Content-Type
text/html; charset=UTF-8
Content-Encoding
gzip
Date
Wed, 15 Dec 2021 19:49:25 GMT
Expires
Wed, 15 Dec 2021 19:49:25 GMT
Cache-Control
private, max-age=0
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Content-Security-Policy
frame-ancestors 'self'
X-XSS-Protection
1; mode=block
Content-Length
207
Server
GSE
1529571102-css_bundle_v2.css
www.blogger.com/static/v1/widgets/ 		35 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/static/v1/widgets/1529571102-css_bundle_v2.css
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0bcd5919bf34c7672ee85e44fd8c6a695a7ffbdd2126f4e54caecca5ca6996eb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 18:19:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
91814
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7804
x-xss-protection
0
last-modified
Tue, 14 Dec 2021 15:51:26 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Wed, 14 Dec 2022 18:19:12 GMT
dmedianet.js
contextual.media.net/ 		282 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/dmedianet.js?cid=8CUN68BAV
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
299ad209dd3973b3ef12896bbed9eeb597f8c4a703625eb2c9eed5c7f78b571c
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-mnt-h
8-11
content-encoding
gzip
server
Apache
etag
"30bc6e6d7875b522b17aa0b5f801f6c5"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
max-age=300
date
Wed, 15 Dec 2021 19:49:26 GMT
strict-transport-security
max-age=604800
x-mnt-w
8-16
expires
Wed, 15 Dec 2021 19:54:26 GMT
shareaholic.js
cdn.shareaholic.net/assets/pub/ 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shareaholic.net/assets/pub/shareaholic.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
3077cb5e37d8dc041b829c7f823616f6433006e6cc7aa94e2e44692b20c2c720

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:49 GMT
server
nginx
x-amz-request-id
G0NQ63SZVHFATGX4
etag
"90e9d5610fc8e91cef45750757b9d1a7"
x-hw
1639597766.cds085.lo4.hn,1639597766.cds005.lo4.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=1200, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
4264
x-amz-id-2
Q+qfTFpS4by0EsFYjgtGMjjfFBYbTni4b1Mt9MR+3qbVu5sIvXjHyUoCf76c6criiGfn/DAsD4E=
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.11.0/ 		94 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:52:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6993
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33576
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 15 Dec 2022 17:52:53 GMT
apple-touch-icon.png
4.bp.blogspot.com/-OvGRVWKCtEI/XrFSUNK8zTI/AAAAAAAAf-o/RxScepL4BaQynp6TJIZk-zO6PMljMoB4wCK4BGAYYCw/s1600/ 		37 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://4.bp.blogspot.com/-OvGRVWKCtEI/XrFSUNK8zTI/AAAAAAAAf-o/RxScepL4BaQynp6TJIZk-zO6PMljMoB4wCK4BGAYYCw/s1600/apple-touch-icon.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
c1dd3ae27cd0cf43059c6571c71a67429c3071d2fba84eba2d62809aa38ba3d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
x-content-type-options
nosniff
server
fife
etag
"v7feb"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
inline;filename="apple-touch-icon.png"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38044
x-xss-protection
0
expires
Thu, 16 Dec 2021 19:49:26 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		145 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
24409834e3b397f73fbffcaa4e4ceabb548d1cac124bb1489f0f0354c2932798
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51874
x-xss-protection
0
server
cafe
etag
11518856072234457506
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 15 Dec 2021 19:49:26 GMT
icon18_edit_allbkg.gif
resources.blogblog.com/img/ 		162 B
680 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://resources.blogblog.com/img/icon18_edit_allbkg.gif
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 11 Dec 2021 17:58:40 GMT
x-content-type-options
nosniff
last-modified
Sat, 11 Dec 2021 09:02:54 GMT
server
sffe
age
352246
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
image/gif
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
162
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Sat, 18 Dec 2021 17:58:40 GMT
infolinks_main.js
resources.infolinks.com/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.infolinks.com/js/infolinks_main.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9cff0359137fc419fd2612e9e813c2f61cc9dd1b915d0c7bb650e8f0ff9e5710

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray
6be231f8086a3628-MAN
date
Wed, 15 Dec 2021 19:49:26 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Wed, 15 Dec 2021 14:45:02 GMT
server
cloudflare
age
3850
etag
W/"d66-5d33059cfc081"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=3600
content-encoding
gzip
expires
Wed, 15 Dec 2021 19:45:16 GMT
platform.js
apis.google.com/js/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/platform.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
36a79135803869f257cae495ca43ee3d321aaaa2ea929856859444522d64cca8
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-9WMPj66gzKbpp55meNYHEw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
etag
"ab30921c980527979f1cb8c5e858f5b2"
x-frame-options
SAMEORIGIN
report-to
{"group":"ATmXEA_dQVrlv86pC8WOEb5fgi9oommJCGyT6zaijoPCHQfA","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_dQVrlv86pC8WOEb5fgi9oommJCGyT6zaijoPCHQfA"}]}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-9WMPj66gzKbpp55meNYHEw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ATmXEA_dQVrlv86pC8WOEb5fgi9oommJCGyT6zaijoPCHQfA"
expires
Wed, 15 Dec 2021 19:49:26 GMT
tumblr_static_8ivylfvb6r4sw840g0cc4k0s8%2B%25281%2529.jpg
4.bp.blogspot.com/-6CyFYpbgHns/XbbfhTPasCI/AAAAAAAAbl0/FSPC-1XBPZkDRPA36WlpLde2w8pzROJegCK4BGAYYCw/s1600/ 		55 KB
55 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://4.bp.blogspot.com/-6CyFYpbgHns/XbbfhTPasCI/AAAAAAAAbl0/FSPC-1XBPZkDRPA36WlpLde2w8pzROJegCK4BGAYYCw/s1600/tumblr_static_8ivylfvb6r4sw840g0cc4k0s8%2B%25281%2529.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
4e9c61cb3ab5d2bcfbf8ebddad7f6c531ea3621fc5ab2adfe61a51f479fc3b69
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="tumblr_static_8ivylfvb6r4sw840g0cc4k0s8 (1).jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55898
x-xss-protection
0
server
fife
etag
"v6e5e"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sat, 11 Dec 2021 14:16:39 GMT
cookienotice.js
www.aiupnow.com/js/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/js/cookienotice.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 17:54:09 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/javascript
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
2026
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Wed, 22 Dec 2021 19:49:26 GMT
69353044-widgets.js
www.blogger.com/static/v1/widgets/ 		155 KB
155 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/static/v1/widgets/69353044-widgets.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6fe452f57f319d6891a1e4119aa5c860fd59dc23f280351bd805a731ae835d55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 13 Dec 2021 02:32:57 GMT
x-content-type-options
nosniff
age
234989
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
158715
x-xss-protection
0
last-modified
Mon, 13 Dec 2021 00:59:22 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
expires
Tue, 13 Dec 2022 02:32:57 GMT
fbevents.js
connect.facebook.net/en_US/ 		98 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
25965
x-xss-protection
0
pragma
public
x-fb-debug
2tMv0K7CXAEaexmq1egf7Gi64GkTYLB1klv55iwKrcbWSiOrG/X+/ebQ0iBiwVAxpmvB/yMlvVz0KLG9ePLV/w==
x-fb-trip-id
2074150462
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Wed, 15 Dec 2021 19:49:26 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
bg1.png
1.bp.blogspot.com/-0bObXH0-WHI/VmnwwA4dQiI/AAAAAAAACVY/NEHl0xoZ58s/s0-r/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-0bObXH0-WHI/VmnwwA4dQiI/AAAAAAAACVY/NEHl0xoZ58s/s0-r/bg1.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
8b82f883c1cd11ad9b0f4cd6cea48c70c84a84f41c57ee6e637417ef78182f50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:10:52 GMT
x-content-type-options
nosniff
age
13114
content-disposition
inline;filename="bg1.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5069
x-xss-protection
0
server
fife
etag
"v957"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 05 Oct 2021 17:54:36 GMT
main.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		147 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
10ae4d64b0c71483f2e7214da1da2b2f86279ad766492a028146d6e0623e230c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:46 GMT
server
nginx
x-amz-request-id
G0NVJ6H0HP8GNGHM
etag
"c786ff130fd3e1a456555bb66b7a746f"
x-hw
1639597766.cds101.fr8.hn,1639597766.cds201.fr8.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
42511
x-amz-id-2
UH7DmSnm+N46phwWcT71PY+sQ8g+ecsxvmVOE8lYpxYzaUdSSDSJlsJox81y3+LMSuVXmJXL/5I=
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
872
date
Wed, 15 Dec 2021 19:34:54 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 15 Dec 2021 21:34:54 GMT
css
fonts.googleapis.com/ 		15 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Open+Sans:400,600,700,400italic|Black+Ops+One
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8dcb8e128bd3aa982b2fe3a53685a5a6fe9ad4f6ec590611052b74813631e5f4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 19:49:26 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 15 Dec 2021 19:49:26 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 15 Dec 2021 19:49:26 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
723, 617, 617
age
20461348
cdn-cachedat
2021-04-23 02:06:15
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
f07a6a1e3a2be9775bad960520140228
cf-ray
6be231f86d550f82-MXP
cdn-requestcountrycode
IT
cdn-requestpullsuccess
True
authorization.css
www.blogger.com/dyn-css/ 		1 B
684 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=7525488504328308640&zx=b1715448-b0db-499b-be96-20ef0dcb2cab
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 19:49:26 GMT
server
GSE
date
Wed, 15 Dec 2021 19:49:26 GMT
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-type
text/css; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
e68e51f46304cc485d7732b4cf6276c7.json
www.shareaholic.net/config/ 		8 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.shareaholic.net/config/e68e51f46304cc485d7732b4cf6276c7.json
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.73.100.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-100-94.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6e6221f8603843e33aea69f1eff610fc753d5689ce75d5324f27144a10cb475f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-client-geo-country
DE,Deutschland
date
Wed, 15 Dec 2021 06:29:56 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
content-length
2066
server
nginx
x-client-geo-region
BE,Berlin
x-client-geo-metrocode
etag
W/"6e6221f8603843e33aea69f1eff610fc"
access-control-max-age
2000
x-client-geo-city
Berlin
x-varnish
311203552 296597667
via
1.1 varnish (Varnish/6.0)
access-control-expose-headers
Etag, Access-Control-Allow-Origin, x-client-geo-latlong, x-client-geo-country, x-client-geo-city, x-client-geo-zip, x-client-geo-region, x-client-geo-metrocode
cache-control
max-age=3, public, must-revalidate
x-client-geo-zip
10178
accept-ranges
bytes
content-type
application/json
access-control-allow-headers
*
x-client-geo-latlong
52.519600,13.406900
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ 		276 KB
99 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
101734
x-xss-protection
0
server
cafe
etag
4507154694380913909
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 15 Dec 2021 19:49:26 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/ Frame 9D87 		11 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Wed, 15 Dec 2021 18:36:45 GMT
expires
Wed, 29 Dec 2021 18:36:45 GMT
content-type
text/html; charset=UTF-8
etag
17731914101004188133
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4884
x-xss-protection
0
age
4361
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sdk.js
connect.facebook.net/en_US/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
db074a7d6723d58832bd2e692332131fead854ef3adf44c2ccf2cc657010c629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
Adz1uxHd0YQ5Yu8CG8cr8g==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Wed, 15 Dec 2021 19:55:56 GMT
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1686
x-fb-rlafr
0
x-fb-debug
IaQzJzeY3zjTJJwLkhJ+K3ZqUJd+tTNCH70pEGEZfv+k6LsHhaDHAdL65skxtuRt+jqAApzVDflJKcTNsbEx2g==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
8e359c513ed6d2d95dcfe9e5014adbbf
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 15 Dec 2021 19:49:26 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"9dcf4e0265629f2045ee009fbb8b67a3"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
embed.js
sigma2.disqus.com/ 		74 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sigma2.disqus.com/embed.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
af6b050b64140f077b155b484ca85175a9e6627d81d11d7b5aeb9c998e6ada68
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:26 GMT
Content-Encoding
gzip
Server
openresty
Age
20
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Cache-Control
private, max-age=60
X-Service
router_gunicorn
Strict-Transport-Security
max-age=300; includeSubdomains
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
24631
Cross-Origin-Resource-Policy
cross-origin
ice.js
resources.infolinks.com/js/1769.027-3.025/ 		207 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.infolinks.com/js/1769.027-3.025/ice.js
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d44ceec8bba88323fa0fdc3d0a6793b6f1e0c31d465be241d2142abd9ae36e50

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray
6be231f8a9f33628-MAN
date
Wed, 15 Dec 2021 19:49:26 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Sat, 11 Dec 2021 06:26:43 GMT
server
cloudflare
age
2891
etag
W/"33cca-5d2d8ec5512a4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
content-encoding
gzip
expires
Fri, 14 Jan 2022 19:01:15 GMT
pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Open+Sans:400,600,700,400italic|Black+Ops+One
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.aiupnow.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 10:59:22 GMT
x-content-type-options
nosniff
age
31804
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7832
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:01:48 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Dec 2022 10:59:22 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Open+Sans:400,600,700,400italic|Black+Ops+One
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.aiupnow.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 00:14:34 GMT
x-content-type-options
nosniff
age
70492
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44656
x-xss-protection
0
last-modified
Thu, 28 Oct 2021 00:30:43 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Dec 2022 00:14:34 GMT
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Open+Sans:400,600,700,400italic|Black+Ops+One
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.aiupnow.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 20:12:20 GMT
x-content-type-options
nosniff
age
85026
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7900
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:02:01 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 14 Dec 2022 20:12:20 GMT
memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
fonts.gstatic.com/s/opensans/v27/ 		17 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v27/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Open+Sans:400,600,700,400italic|Black+Ops+One
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f27408b033a0195d0f29b0ecbc143f470c4fbb0807472a688b2f9e66403651e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.aiupnow.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 06:39:33 GMT
x-content-type-options
nosniff
age
479393
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17768
x-xss-protection
0
last-modified
Thu, 28 Oct 2021 00:32:14 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 10 Dec 2022 06:39:33 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=profile/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ 		178 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=profile/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d1fc50d5f0b1a77ffe652c36310574123f7cd3871798d5a74aac8d09c3f455d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 11 Dec 2021 20:40:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
342535
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60347
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Sun, 11 Dec 2022 20:40:31 GMT
x7zgqmr
www.dailymotion.com/embed/video/ Frame BCCC 		0
0
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Origin
https://www.aiupnow.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
601, 617, 718
age
20
cdn-cachedat
2021-08-02 20:43:32
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
77160
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
font/woff2
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
28557335b4662445583b1248d894b0b8
accept-ranges
bytes
cf-ray
6be231f90e01374d-MXP
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
page.php
www.facebook.com/plugins/ Frame 49B5 		0
0
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2040115033&t=pageview&_s=1&dl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&dr=https%3A%2F%2Ft.co%2FIMBWIxzlWq&ul=en-us&de=UTF-8&dt=Hackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%20-%20The%20Entrepreneurial%20Way%20with%20A.I.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=686233738&gjid=888732875&cid=1224592578.1639597767&tid=UA-135957145-1&_gid=496403826.1639597767&_r=1&_slc=1&z=1033099576
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:26 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.aiupnow.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
2653164334924589
connect.facebook.net/signals/config/ 		305 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/2653164334924589?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
edd44cad5cd50082407878419dee3031955cfb380d85653ce1100cea73bf9eef
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
2in1jlC0k/LS9fVJ6NyQx+lnlkT8tuf/GNxZyBuhm62mHmsGFGzyQYlElUiDLN3gUKV/NjdFaPuIlGvoBdEx+g==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:26 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
1
open.spotify.com/follow/ Frame AE5C
Redirect Chain
  • https://open.spotify.com/follow/1/?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
  • https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
0
0
mjI0tjt
snd.click/ Frame 056B 		0
0
authorization.css
www.blogger.com/dyn-css/ 		1 B
43 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=7525488504328308640&zx=b1715448-b0db-499b-be96-20ef0dcb2cab
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 19:49:26 GMT
server
GSE
date
Wed, 15 Dec 2021 19:49:26 GMT
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-type
text/css; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
cookie.js
partner.googleadservices.com/gampad/ 		215 B
645 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=www.aiupnow.com&callback=_gfp_s_&client=ca-pub-1342347843351338
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
091bacad3593c16089f1229a4c689b75163afd36633207d31f742f62e0eb6e59
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
201
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 7171 		436 B
235 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=743980787&adf=3719817289&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766434&bpp=14&bdt=157&idt=161&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=6217839419993&frm=20&pv=2&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=655&ady=113&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=xFYYDjuqkS&p=https%3A//www.aiupnow.com&dtd=173
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
11b5f40f6dca560597112cf6b1fb4f2d90eb2099735263d13dd5e45767c2075e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 15 Dec 2021 19:49:26 GMT
server
cafe
content-length
212
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:26 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 8BAC 		0
0
repeat-bg.png
4.bp.blogspot.com/-R2WTW6O9E1o/VX7dqIGT1eI/AAAAAAAACc4/pyvQDMMLX3E/s1600/ 		229 B
254 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://4.bp.blogspot.com/-R2WTW6O9E1o/VX7dqIGT1eI/AAAAAAAACc4/pyvQDMMLX3E/s1600/repeat-bg.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
2baf0db4101196df611d843d4741b65c2ebde9d4d458196ab9fb71039d8ccec7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 18:14:04 GMT
x-content-type-options
nosniff
age
5722
content-disposition
inline;filename="repeat-bg.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
229
x-xss-protection
0
server
fife
etag
"v9cf"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 18 Nov 2021 09:39:54 GMT
sdk.js
connect.facebook.net/en_US/ 		284 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=28f9a6f9eaf42320ac8b003f19c333a0
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5bf22243f9bc0b6da9f4f0ac925015270de2a047a12b1a267d9a55a0730e76b1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.aiupnow.com/
Origin
https://www.aiupnow.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
dKdtp8pwOhuGkuwT0uOyZg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Thu, 15 Dec 2022 17:28:15 GMT
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
81991
x-fb-rlafr
0
x-fb-debug
+b+VQT0YdR85Se1zbKWyv5mJ180wnZhsYZb+IhEMiWB6R2TuglwgpLIAdujsKaDHkuWNEfS/1pROpB7A/4jfAQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
8b3dbbe69222c872b70f0549cd21882f
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 15 Dec 2021 19:49:26 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"35eca3b658760da75c19e7497ebe3592"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
ads
googleads.g.doubleclick.net/pagead/ Frame 111B 		90 KB
29 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766449&bpp=1&bdt=171&idt=202&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yrheaW2R69&p=https%3A//www.aiupnow.com&dtd=209
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5a8e6c087e1dafd504a981dd54bc59a16a5ee9fa0ab31c97121d63ee0b2bf35b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 15 Dec 2021 19:49:27 GMT
server
cafe
content-length
29746
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:27 GMT
cache-control
private
tag.js
mc.yandex.ru/metrika/ 		194 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/metrika/tag.js
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
debb229daffbe34e17c32f8d56a72dfa9ba4debfcfcb330e733bf56d88da117c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
br
last-modified
Wed, 15 Dec 2021 16:08:50 GMT
etag
"61b9e8e2-107fa"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
content-length
67578
expires
Wed, 15 Dec 2021 20:49:26 GMT
default
www.aiupnow.com/feeds/posts/ 		95 KB
28 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default?alt=json-in-script&max-results=5&callback=jQuery111007687505175406069_1639597766401&_=1639597766402
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
8ce727a9c2fad1b696c6bcff68d09df08016d7a516b270dfe1198b67867b5bc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
server
blogger-renderd
etag
W/"8b3360978fde67360ef0e1cc4b0817a8462ddfcae096ba75950155288db01119"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
content-length
28536
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:27 GMT
Microsoft
www.aiupnow.com/feeds/posts/default/-/ 		74 KB
22 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default/-/Microsoft?alt=json-in-script&max-results=4&callback=jQuery111007687505175406069_1639597766403&_=1639597766404
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
86fe6ac66622cc492d3ca23080947404bdab03fdbf1eeae1f89eb2101fe87a3c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
server
blogger-renderd
etag
W/"809720d6b99cfdad82c9c2636d7b6eb8aa82cdf652dbe516b2883fd6ad049b7a"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
content-length
22813
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:27 GMT
Amazon
www.aiupnow.com/feeds/posts/default/-/ 		84 KB
24 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default/-/Amazon?alt=json-in-script&max-results=4&callback=jQuery111007687505175406069_1639597766405&_=1639597766406
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
c4255d741dfb97063d6dc415fb5a6b2ad26ee3a7ef759c979b258e14ecdc07f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
server
blogger-renderd
etag
W/"6a3bbb2deb915ab52b4410f5dddef23f74e8069116b524d59907a982bbf736b9"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
content-length
24591
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:27 GMT
Apple
www.aiupnow.com/feeds/posts/default/-/ 		77 KB
24 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default/-/Apple?alt=json-in-script&max-results=4&callback=jQuery111007687505175406069_1639597766407&_=1639597766408
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
4c6102f48f608e9a58d93796fe7b0f93282f8865ce662bf38e5072edb7dd692d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
server
blogger-renderd
etag
W/"18ff682ad2def1b8b0e03a53d114562c7b03bb59286fbfa2b7333652123a16fd"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
content-length
24205
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:27 GMT
VR
www.aiupnow.com/feeds/posts/default/-/ 		132 KB
35 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default/-/VR?alt=json-in-script&max-results=4&callback=jQuery111007687505175406069_1639597766409&_=1639597766410
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
ee5ee5e3221ae427136db90bdd8f04cc152d687a9de9e69797f4a87a0d685f6c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
server
blogger-renderd
etag
W/"8754f4f2e4bc74ae9a6d38b89209d176da00e8747786c21adc5588fe188fd2a9"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
content-length
35349
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:27 GMT
e
analytics.shareaholic.com/ 		43 B
380 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.shareaholic.com/e
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.204.113.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-204-113-242.compute-1.amazonaws.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Content-Security-Policy referrer always

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:26 GMT
vary
Origin
p3p
CP="OTI DSP COR DEVo ADMa OUR CONo IND COM INT ONL PUR STA OTC"
access-control-allow-origin
https://www.aiupnow.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
referer-policy
unsafe-url
content-security-policy
referrer always
content-type
image/gif
content-length
43
expires
Thu, 01 Jan 1970 00:00:00 GMT
x7zgqmr
www.dailymotion.com/embed/video/ Frame 9407 		26 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
fp.dc3.dailymotion.com
Software
DMS/1.0.42 /
Resource Hash
7f511fec0d53c96ab3419058c849e13ee46f1be67c754be58f6af6c027b5a673
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31708800; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

Cache-Control
no-cache, no-store
Content-Encoding
gzip
Content-Length
9415
Content-Security-Policy
upgrade-insecure-requests
Content-Security-Policy-Report-Only
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri
Content-Type
text/html; charset=utf-8
Date
Wed, 15 Dec 2021 19:49:26 GMT
Expect-Ct
max-age=0, report-uri="https://www.dailymotion.com/content_security_policy_report_uri"
Link
<https://static1.dmcdn.net>; rel=preconnect
Referrer-Policy
no-referrer-when-downgrade
Server
DMS/1.0.42
Server-Timing
total;dur=127, dc;desc="dc3"
Strict-Transport-Security
max-age=31708800; includeSubDomains; preload
Timing-Allow-Origin
*
Vary
X-DM-SSL,Accept-Encoding
page.php
www.facebook.com/plugins/ Frame 2DC3 		46 KB
16 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
80c716ea4311331aecad9182f2e6078623900ef2e3c4fddb9d42e243746beadb
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

vary
Accept-Encoding
content-encoding
br
x-fb-rlafr
0
document-policy
force-load-at-top
cross-origin-opener-policy
unsafe-none
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options
nosniff
x-xss-protection
0
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
60VTTedFpRi+oz1Vwt6Jxf7YaHYc5ttzfEpTfTCVT/1pjrgbWgfnp1fJVwAZQ+tQMgb2QS7uKLBQJazUa2PpIA==
date
Wed, 15 Dec 2021 19:49:26 GMT
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
1
open.spotify.com/follow/ Frame 1C4D
Redirect Chain
  • https://open.spotify.com/follow/1/?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
  • https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
2 KB
966 B 		Document
General
Check archive.org
Download Go to
Full URL
https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
envoy /
Resource Hash
d0d730ac7b9fa74a2c09a58125fdfd317b367486c40ea60e424f959bff191274
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
spotify-request-id
46c6925c-a17f-43d1-a589-d4695437b6a6
content-encoding
br
x-join-the-band
https://www.spotify.com/jobs/
sp-trace-id
8d18975c1211ca93
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
server
envoy
via
HTTP/2 edgeproxy, 1.1 google
alt-svc
clear

Redirect headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-type
text/html
location
https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
x-join-the-band
https://www.spotify.com/jobs/
sp-trace-id
06909802bc75ebcb
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
gzip
vary
Accept-Encoding
server
envoy
via
HTTP/2 edgeproxy, 1.1 google
alt-svc
clear
mjI0tjt
snd.click/ Frame 10D1 		44 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://snd.click/mjI0tjt?embed=1
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce600c2ffaa71b56c40c362b1a92f6635466796d74560e88ea910a248b5985ad

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
content-type
text/html; charset=UTF-8
cache-control
private, must-revalidate
pragma
no-cache
expires
-1
vary
Accept-Encoding
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QjpYtCH%2B57NZFgi15FBfyUnAVEf9O%2F4TqgftYgO5R%2Bo%2BFKgfQ6TRtBjgaImMwZ4T6rLgAG9sJ9RFb2MkgCMwFUA7bM9OoH6kjt28V%2BXqlYizWLhpoR25VBfwg%2BIEwBwZs%2F9M7y1xCao%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6be231f9fbe9f923-MXP
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
ads
googleads.g.doubleclick.net/pagead/ Frame 8FA7 		70 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766616&bpp=1&bdt=338&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3465&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=mJaJBCYa8E&p=https%3A//www.aiupnow.com&dtd=5
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a54de99803e6b96ff9ffb718132f86d01dacf33d740640bc31a5714e372181b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 15 Dec 2021 19:49:27 GMT
server
cafe
content-length
27551
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:27 GMT
cache-control
private
pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700|Open+Sans:400,600,700,400italic|Black+Ops+One
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.aiupnow.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 17:53:46 GMT
x-content-type-options
nosniff
age
93340
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7776
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:01:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 14 Dec 2022 17:53:46 GMT
default
www.aiupnow.com/feeds/posts/ 		299 KB
76 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default?alt=json-in-script&callback=jQuery111007687505175406069_1639597766411&_=1639597766412
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
7ec24c6f5f2515f0751a151338a93c4f2fdc6994d08d95cd02e82d9000e341c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
server
blogger-renderd
etag
W/"281fcd3de1ab1c0e9cc7b46797cfe12c3609c7c67994e4d5726b8dacb7b8cbd0"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
content-length
77284
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:27 GMT
london-based-fintech-startup-toucan.html
www.aiupnow.com/2021/12/ 		300 KB
56 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/2021/12/london-based-fintech-startup-toucan.html
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
c24111290c8ad7c12a85ed464ef68ad03a73b6f96a605a626b511709f34a326a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
text/html, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
server
GSE
etag
W/"fb9de84564f5fb89ea07f81b31b74fdca36f4721d1580f2f3bbe4d1be0d4b6e7"
content-type
text/html; charset=UTF-8
cache-control
private, max-age=0
content-length
57310
x-xss-protection
1; mode=block
expires
Wed, 15 Dec 2021 19:49:26 GMT
hamburg-based-dealcode-nabs-1-million.html
www.aiupnow.com/2021/12/ 		300 KB
56 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/2021/12/hamburg-based-dealcode-nabs-1-million.html
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
c7fc79ad0d9fd7c1b846e2d87aac2c09c80515296b8bd03989251c4e0eb5d4a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
text/html, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
server
GSE
etag
W/"fb9de84564f5fb89ea07f81b31b74fdca36f4721d1580f2f3bbe4d1be0d4b6e7"
content-type
text/html; charset=UTF-8
cache-control
private, max-age=0
content-length
57355
x-xss-protection
1; mode=block
expires
Wed, 15 Dec 2021 19:49:26 GMT
noreply@blogger.com%20(Ravie%20Lakshmanan)
www.aiupnow.com/feeds/posts/default/-/ 		78 KB
24 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default/-/noreply@blogger.com%20(Ravie%20Lakshmanan)?alt=json-in-script&max-results=3&callback=jQuery111007687505175406069_1639597766413&_=1639597766414
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
32f920ad9b6cb2b6ac130c2df124283e0f6fda7753ec304ce622126595497dc2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
server
blogger-renderd
etag
W/"5cbb01f3269050ab3cad963bd654f5f109e09d99e3df8215953e52e7bebc728c"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
content-length
24264
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:27 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 0620 		277 KB
65 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&adk=1812271804&adf=3025194257&lmt=1639580699&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&ea=0&flash=0&host=ca-host-pub-1556223355139109&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766721&bpp=2&bdt=444&idt=2&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=9&uci=a!9&fsb=1&dtd=38
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9707403b8102fda62ea0dcf171404b08c461abb8bcf8c388c0408dd5464214bd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 15 Dec 2021 19:49:27 GMT
server
cafe
content-length
66377
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:27 GMT
cache-control
private
cb=gapi.loaded_1
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=ytsubscribe/exm=profile/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ 		24 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=ytsubscribe/exm=profile/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_1
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3a5a376ad9d79b81a594792447a2e228ee3610350d89960c7d7606669c594fd2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 11 Dec 2021 09:19:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
383368
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10025
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Sun, 11 Dec 2022 09:19:58 GMT
cb=gapi.loaded_2
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=auth/exm=profile,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ 		76 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=auth/exm=profile,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_2
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cf982d883df5960372888dea0fad2d161a0b97e1ad17342fb9edf73efdd2db21
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:16:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
16399
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27248
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 15:16:07 GMT
subscribe_embed
www.youtube.com/ Frame 6C86 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0e6abcda5fce77abbbe604e877b62e24e259677473dfbdab14f81795ea7cd2d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 15 Dec 2021 19:49:26 GMT
strict-transport-security
max-age=31536000
report-to
{"group":"ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"}]}
cross-origin-opener-policy-report-only
same-origin; report-to="ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
content-encoding
br
server
ESF
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
manage
router.infolinks.com/usync/ Frame 4101 		9 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
218558585458a13a0561c9747e86fc90db372981a72ba884d87af47e8b3ce13c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-type
text/html;charset=UTF-8
cache-control
no-store
p3p
CP="NON DSP NID OUR COR"
via
1.1 google
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6be231face083628-MAN
content-encoding
gzip
lcmanage
router.infolinks.com/usync/ 		0
37 B 		Script
General
Check archive.org
Download Go to
Full URL
https://router.infolinks.com/usync/lcmanage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control
no-store
cf-ray
6be231face0e3628-MAN
content-length
0
gsd
router.infolinks.com/ 		314 B
522 B 		Script
General
Check archive.org
Download Go to
Full URL
https://router.infolinks.com/gsd?evt=afterGSD&pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&jsv=1769.027-3.025&ref=t.co%2FIMBWIxzlWq&_cb=16395977668230
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ebd9786b02160e2eebfbfb0820e4f91bffa8a67ec75a06007186bd272955a55d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:26 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
text/javascript;charset=UTF-8
content-encoding
gzip
cache-control
max-age=0
cf-ray
6be231face0c3628-MAN
expires
Thu, 01 Jan 1970 00:00:00 GMT
lazy.min.js
www.gstatic.com/feedback/js/help/prod/service/ 		79 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=profile/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4c0f1cce1d9f37c25fa9ee1e57c0f4308de2835d5083048c959b13b2cde60ef9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 18:59:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2969
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/product-feedback-gathering
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28818
x-xss-protection
0
last-modified
Tue, 07 Dec 2021 17:14:26 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="product-feedback-gathering"
vary
Accept-Encoding, Origin
report-to
{"group":"product-feedback-gathering","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/product-feedback-gathering"}]}
content-type
text/javascript
cache-control
public, max-age=3000
accept-ranges
bytes
expires
Wed, 15 Dec 2021 19:49:57 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 36DA 		436 B
236 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=3822660987&adf=2038951932&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766449&bpp=1&bdt=172&idt=395&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=739&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=hFlesZyNb0&p=https%3A//www.aiupnow.com&dtd=403
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
352248c620cdf3a80741dab4632584909e0aeb9d176c13b49a0b741694e33f9c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 15 Dec 2021 19:49:27 GMT
server
cafe
content-length
212
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:27 GMT
cache-control
private
lounge.7ab903feba7624935283ca4c7d8c7203.css
c.disquscdn.com/next/embed/styles/ 		0
26 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:7a00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 23:27:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
678139
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
26065
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 07 Dec 2021 22:32:35 GMT
server
nginx
etag
"61afe103-65d1"
content-type
text/css; charset=utf-8
via
1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
expires
Wed, 07 Dec 2022 23:27:07 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
mihe3sxCJLgtjc9BW9y6hOUGhKDu4LX0Pn-MxRlaVLSw0S6GchUTLQ==
x-cache-hits
0
common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
c.disquscdn.com/next/embed/ 		0
93 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:7a00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 25 Oct 2021 14:45:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4424636
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
94779
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Fri, 22 Oct 2021 00:26:02 GMT
server
nginx
etag
"6172051a-1723b"
content-type
application/javascript; charset=utf-8
via
1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
expires
Tue, 25 Oct 2022 14:45:30 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
Gpr4kiSXPLCNMPyjbhfJu5mf6rEetTlzYiw2PDpcxKaWjGg8MtPuSg==
x-cache-hits
0
lounge.bundle.920cdf639b386b42eddc25a8b2755561.js
c.disquscdn.com/next/embed/ 		0
121 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.920cdf639b386b42eddc25a8b2755561.js
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:7a00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 23:27:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
678139
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
122873
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 07 Dec 2021 22:32:35 GMT
server
nginx
etag
"61afe103-1dff9"
content-type
application/javascript; charset=utf-8
via
1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
expires
Wed, 07 Dec 2022 23:27:07 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
RSEFyWUaTDaxWK6LXR0i7h8zrWcm8LRVioTYj2hMRfpCH7_USd8Xug==
x-cache-hits
0
config.js
disqus.com/next/ 		0
15 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://disqus.com/next/config.js
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:26 GMT
X-Content-Type-Options
nosniff
Content-Type
application/javascript; charset=UTF-8
Server
nginx
Age
51
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
14552
X-XSS-Protection
1; mode=block
recommendations.js
sigma2.disqus.com/ 		63 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sigma2.disqus.com/recommendations.js
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
ec5c6adbb37db7364cc2a0f8465175d7d8b5af2f8bea562181644e13508122f1
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:27 GMT
Content-Encoding
gzip
Server
openresty
Age
0
Vary
Accept-Encoding, Accept, Accept-Encoding, X-Forwarded-Proto, X-Disqus-Shortname, X-Disqus-Device, X-Disqus-Experiment, X-Disqus-Is-Private, X-Disqus-Development-Base
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Cache-Control
stale-while-revalidate=60, public, stale-if-error=86400, max-age=60
X-Service
router_gunicorn
Strict-Transport-Security
max-age=300; includeSubdomains
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
20890
Cross-Origin-Resource-Policy
cross-origin
ads
googleads.g.doubleclick.net/pagead/ Frame 3E70 		89 KB
31 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766471&bpp=2&bdt=193&idt=433&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=NgnToCu2Ou&p=https%3A//www.aiupnow.com&dtd=437
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18e6acdf2482279ae2374fcd29fc56caf6e918596a0dd75890816241c652fea2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 15 Dec 2021 19:49:27 GMT
server
cafe
content-length
31386
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:27 GMT
cache-control
private
sharebuttons.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		178 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/sharebuttons.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
956c937c18e92293c7ef920d33914118c5c3b5930f608c9f59b76367d9c409d9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:46 GMT
server
nginx
x-amz-request-id
XKBQ0ZCJN8T0JWWK
etag
"1b7d36dcdcb5fe22c177a72eb41a6b49"
x-hw
1639597766.cds101.fr8.hn,1639597766.cds221.fr8.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
37690
x-amz-id-2
Gpfzu1c4HAvB7tTGwj6ocC3HVzfzugMQF8tVDDiT2Gza64pyG3I2rbcEEdMmfssrqA4GsQfkf8U=
recommendations.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		92 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/recommendations.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
9904ccc112b0cbf11bac902cb4c91ce4af8398396917bc1d3d8dd5d355ace176

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:47 GMT
server
nginx
x-amz-request-id
XKBP8GA4DSG80AM6
etag
"124b1ddaa6b830a55e18ae7f9c66309a"
x-hw
1639597766.cds101.fr8.hn,1639597766.cds151.fr8.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
12739
x-amz-id-2
QubKB136HUDrXNwKBkh3KlnGViIKNFVgsGCDdwlXpKDATcA4jCIIWdTdi9KG3VrFt+NCSnhECMw=
cookieconsent.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/cookieconsent.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
34fa06f4b9082afd593822ef7a15e41e2df8c335d9e696ec864c061cdabe483b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:46 GMT
server
nginx
x-amz-request-id
7N3JWBEJFKDYPN0N
etag
"c9aa93e9b05376764d3741510358494e"
x-hw
1639597766.cds101.fr8.hn,1639597766.cds101.fr8.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
2370
x-amz-id-2
EJSjooTlbls7VGIS73GsWrI41+kM3mrP/xSufVGfnIlM40OeIkWpdmDf94hQU8ysvISyF4AIWVM=
affiliatelinks.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		991 B
801 B 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/affiliatelinks.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
bef5318f625cf3dad8e4db35a1eb5a8548dae2317569c5aa4647e8a198cdd60a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:46 GMT
server
nginx
x-amz-request-id
XKBTD0Z08RQT9KR3
etag
"481e1d8072d6fefe9f42b0f9898cd18e"
x-hw
1639597766.cds101.fr8.hn,1639597766.cds135.fr8.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
594
x-amz-id-2
EzqYPFJ4MH4ddsTqnvHB5sWOBUYQTKawP8P+CERXgfj2TZ1RZSWZPpfumdzONMl3L7S9M2EYoXM=
anchorad.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/anchorad.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
be43a684a99f6071923acef248515dadee8bf4db7cc059aed54dda51b6d3dd44

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:46 GMT
server
nginx
x-amz-request-id
7N3VTG63QCXWKFNG
etag
"f475b56277bd3553e78cf2bb834126b5"
x-hw
1639597766.cds101.fr8.hn,1639597766.cds154.fr8.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
2637
x-amz-id-2
eAPqZMT1zzAPjvIIjpk3VzgSvvnxAzJ6w4UdR7lJL9DSnLFvZVeLyFIsGRV+w6nJng8x6viRJ4s=
adminbadgei.js
m9m6e2w5.stackpathcdn.com/v2/cde9788c/ 		18 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/adminbadgei.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
d50b115ed15f11d96d3ab369d091db9bf261ff6a41ee29ef08599464913bb0d9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 17:14:46 GMT
server
nginx
x-amz-request-id
STCS4WHZSC5A0EK4
etag
"1a370075234e5a4741e8e74bf7eab3b9"
x-hw
1639597766.cds101.fr8.hn,1639597766.cds138.fr8.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
4076
x-amz-id-2
aIrtMxvgpwZpf9ZraMhjESwfu5mnJ8lN7pg+W/zXfgdSgAivkflTgIOlMUQKxN6qRACTZhmIDAs=
partners.js
partner.shareaholic.com/ 		0
265 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.shareaholic.com/partners.js?location=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&referrer=https%3A%2F%2Ft.co%2FIMBWIxzlWq&cl=en-US&id_sync=2d7e41b2-4b5b-4d9e-8b7c-40e598578cef&minify=1&pvs=1&site=e68e51f46304cc485d7732b4cf6276c7
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.20.140.231 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-20-140-231.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:27 GMT
vary
Accept-Encoding, User-Agent
p3p
CP='OTI DSP COR DEVo ADMa OUR CONo IND COM INT ONL PUR STA OTC'
cache-control
no-cache, no-store, must-revalidate
content-type
application/javascript;charset=utf-8
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame DD2D 		71 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766526&bpp=4&bdt=248&idt=419&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=08EpsWnfa3&p=https%3A//www.aiupnow.com&dtd=428
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
94d2985bfe7d4e2dc46a076e64341f5862ad21e673ab5cac0b5addbd124676a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 15 Dec 2021 19:49:27 GMT
server
cafe
content-length
27896
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:27 GMT
cache-control
private
/
www.facebook.com/tr/ 		44 B
90 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=2653164334924589&ev=PageView&dl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rl=https%3A%2F%2Ft.co%2FIMBWIxzlWq&if=false&ts=1639597766970&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1639597766969.183938558&it=1639597766549&coo=false&rqm=GET
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:26 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Wed, 15 Dec 2021 19:49:26 GMT
www-subscribe-embed_split_v0.css
www.youtube.com/s/subscriptions/subscribe_embed/css/ Frame 6C86 		38 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed_split_v0.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9325cb86c14e757a3266ab710efa8294b3cd00403310dfe09e6f561f7c94b438
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 10:01:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
467292
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6066
x-xss-protection
0
last-modified
Wed, 18 Nov 2020 18:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 10 Dec 2022 10:01:15 GMT
AKedOLQvEGQZieCyCYqn0YCdtdRHEg6M0BUtm3bgWYwWIQ=s48-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 6C86 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://yt3.ggpht.com/ytc/AKedOLQvEGQZieCyCYqn0YCdtdRHEg6M0BUtm3bgWYwWIQ=s48-c-k-c0x00ffffff-no-rj
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
4e7a4de80dbec3e143eea735672c7a5aff8303e551c431f479f7e9f8b6c20b78
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
x-content-type-options
nosniff
age
0
content-disposition
inline;filename="unnamed.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1675
x-xss-protection
0
server
fife
etag
"v9f"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sun, 12 Dec 2021 13:30:19 GMT
www-subscribe-embed_v0.js
www.youtube.com/s/subscriptions/subscribe_embed/js/ Frame 6C86 		252 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed_v0.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
35196923692f06f97491caf22422cce4b612d5ef07c51842ca94a088b15456e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&layout=full&count=default&origin=https%3A%2F%2Fwww.aiupnow.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 10:01:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
467291
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
73785
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 21:45:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 10 Dec 2022 10:01:16 GMT
nth.png
3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
f4b70c4cd11d64db7c587fa68ed12651b684fe2e78a9a9d46812f89beb496acb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:01:55 GMT
x-content-type-options
nosniff
age
2851
content-disposition
inline;filename="nth.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3362
x-xss-protection
0
server
fife
etag
"vb88"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 16 Dec 2021 15:00:37 GMT
Screen-Shot-2021-11-02-at-8.11.33-PM-1-1024x391.png
www.saastr.com/wp-content/uploads/2021/12/ 		65 KB
65 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.saastr.com/wp-content/uploads/2021/12/Screen-Shot-2021-11-02-at-8.11.33-PM-1-1024x391.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.73.247.27 North Charleston, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
27.247.73.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
84077212eff3a118119952d95dfdd412f3a97e1c779d3881ce6c3402fbfc96b8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
last-modified
Wed, 15 Dec 2021 05:37:52 GMT
server
nginx
etag
"61b97f30-10289"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
66185
1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH
doc-0o-0c-docs.googleusercontent.com/docs/securesc/n4tt96pmlq8gcqn3bf4ktb9vdim3i29o/o5l5leio1ut9fon82sq61440dhotgcj3/1639597725000/04172779913741121811/14799480645933431078Z/
Redirect Chain
  • https://drive.google.com/uc?id=1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH
  • https://doc-0o-0c-docs.googleusercontent.com/docs/securesc/n4tt96pmlq8gcqn3bf4ktb9vdim3i29o/o5l5leio1ut9fon82sq61440dhotgcj3/1639597725000/04172779913741121811/14799480645933431078Z/1BzJJx-XDuOs0xA...
  • https://docs.google.com/nonceSigner?nonce=8qc6r52gpbh96&continue=https://doc-0o-0c-docs.googleusercontent.com/docs/securesc/n4tt96pmlq8gcqn3bf4ktb9vdim3i29o/o5l5leio1ut9fon82sq61440dhotgcj3/1639597...
  • https://doc-0o-0c-docs.googleusercontent.com/docs/securesc/n4tt96pmlq8gcqn3bf4ktb9vdim3i29o/o5l5leio1ut9fon82sq61440dhotgcj3/1639597725000/04172779913741121811/14799480645933431078Z/1BzJJx-XDuOs0xA...
22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://doc-0o-0c-docs.googleusercontent.com/docs/securesc/n4tt96pmlq8gcqn3bf4ktb9vdim3i29o/o5l5leio1ut9fon82sq61440dhotgcj3/1639597725000/04172779913741121811/14799480645933431078Z/1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH?nonce=8qc6r52gpbh96&user=14799480645933431078Z&hash=rdqkpgrqp3mfcbh2dtj5jr201nv39g5o
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
ac58756be8a08b00efa89ae967645beadb91d7a724c5217e4c847be2f06d4034

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:28 GMT
access-control-allow-methods
GET,OPTIONS
server
UploadServer
access-control-allow-headers
Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment
x-guploader-uploadid
ADPycdtUxOrRZkcmfk2Jl7dYvQA5vGLbQYFIHWHBlPwnmgD--i3eo-zxf4Wo6buu7T2PkgvnXHqM2nyT06seCToPV7Gu7_zU_A
x-goog-hash
crc32c=sudjPA==
p3p
CP="This is not a P3P policy! See http://www.google.com/support/accounts/answer/151657?hl=en for more info."
access-control-allow-origin
*
cache-control
private, max-age=0
access-control-allow-credentials
false
content-disposition
inline;filename="4214db0a-02ac-4110-a901-bb96409e7ada.jpg";filename*=UTF-8''4214db0a-02ac-4110-a901-bb96409e7ada.jpg
content-type
image/jpeg
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22775
expires
Wed, 15 Dec 2021 19:49:28 GMT

Redirect headers

date
Wed, 15 Dec 2021 19:49:27 GMT
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
application/binary
location
https://doc-0o-0c-docs.googleusercontent.com/docs/securesc/n4tt96pmlq8gcqn3bf4ktb9vdim3i29o/o5l5leio1ut9fon82sq61440dhotgcj3/1639597725000/04172779913741121811/14799480645933431078Z/1BzJJx-XDuOs0xAWBp7YYEiYzk8WrZDYH?nonce=8qc6r52gpbh96&user=14799480645933431078Z&hash=rdqkpgrqp3mfcbh2dtj5jr201nv39g5o
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-security-policy
script-src 'report-sample' 'nonce-s40CmqlV3XZpxHEGFIziUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentSignerHttp/cspreport;worker-src 'self', script-src 'nonce-s40CmqlV3XZpxHEGFIziUQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentSignerHttp/cspreport, require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentSignerHttp/cspreport
expires
Mon, 01 Jan 1990 00:00:00 GMT
Less-Stress-Infographic_FINAL.png
blogs.windows.com/wp-content/uploads/prod/sites/2/2021/11/ 		290 KB
291 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blogs.windows.com/wp-content/uploads/prod/sites/2/2021/11/Less-Stress-Infographic_FINAL.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5ea452e977280c259515115b1f3e03bf152e5b4c79b3e785cb8eeac26c327c9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 15 Dec 2021 19:49:27 GMT
cf-cache-status
HIT
content-md5
MYsHuM3b2QRo+mPbo2ZeDA==
age
217757
cf-polished
origFmt=png, origSize=523905
content-disposition
inline; filename="Less-Stress-Infographic_FINAL.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
296906
x-ms-lease-state
available
x-ms-lease-status
unlocked
last-modified
Wed, 17 Nov 2021 13:34:27 GMT
server
cloudflare
etag
"0x8D9A9CEF9F377A3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
x-ms-request-id
9c235a7b-601e-0015-44f1-efbaf1000000
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
x-ms-version
2014-02-14
accept-ranges
bytes
cf-ray
6be231fd2be954c4-MAN
cf-bgj
imgq:100,h2pri
AmazonWebServicesBlog
feeds.feedburner.com/~ff/ 		997 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=yIl2AUoC8zA
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
6991b0dfb02f46e2bb00808bd3eaaf97cfb4caa209a24ceb5a5c3482b091d6ff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
x-content-type-options
nosniff
server
GSE
etag
Kg31R1CGIqw4HTZpTQkVWDFniR0
content-type
image/gif
cache-control
max-age=371437
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
997
x-xss-protection
1; mode=block
expires
Mon, 20 Dec 2021 03:00:04 GMT
AmazonWebServicesBlog
feeds.feedburner.com/~ff/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=dnMXMwOfBR0
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
d76f32f8bd2f4896065ce24a53a651b8b31f8518eeffef24d8ff3b7942a2437b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
x-content-type-options
nosniff
server
GSE
etag
8QBjG7c8/sQuhDR26KDUQ+59BcM
content-type
image/gif
cache-control
max-age=603084
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1051
x-xss-protection
1; mode=block
expires
Wed, 22 Dec 2021 19:20:51 GMT
AmazonWebServicesBlog
feeds.feedburner.com/~ff/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=7Q72WNTAKBA
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
a2b9c28205959e1323e482a8ebab65490ba2200da1665b75004947fbc4e18672
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
x-content-type-options
nosniff
server
GSE
etag
IDawmln7mA9Ww+FiBXA+Xtz928I
content-type
image/gif
cache-control
max-age=602938
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1053
x-xss-protection
1; mode=block
expires
Wed, 22 Dec 2021 19:18:25 GMT
codeguru-secrets-manager-1024x795.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/22/ 		772 KB
773 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/22/codeguru-secrets-manager-1024x795.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-92.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a97e731cbb8c8f2fd76edc5ff46950f4548da821813db1770d62cbd710cd168a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
cgC7Wagwmpb4ARt83TrV5Qnu8XXsfh38
via
1.1 adb1b226e6965f6206603ba087bd4a0a.cloudfront.net (CloudFront)
last-modified
Mon, 22 Nov 2021 12:48:38 GMT
server
AmazonS3
age
22
etag
"abea87b3b8c115fcd69f4228f96cbb6d-1"
x-cache
Hit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
x-amz-cf-pop
FRA2-C1
content-length
790114
x-amz-cf-id
DtpKfWMMH8Zkb74AeJFSLQQA8AxkBUvMnd21PHaSCFoyseVrYNHX2w==
codeguru-associate-repository-1024x807.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/26/ 		266 KB
266 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/26/codeguru-associate-repository-1024x807.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-92.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b16ee208e163e440832f7c31333c523ec8d0635bb1b2d332d733c1feb73dbf97

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
tQYPc0YprnBq_R3FSUM.EMUyAanD0GVs
via
1.1 adb1b226e6965f6206603ba087bd4a0a.cloudfront.net (CloudFront)
last-modified
Fri, 26 Nov 2021 12:12:54 GMT
server
AmazonS3
age
22
etag
"928b6c5f1f3973465fdb28a96460b4af-1"
x-cache
Hit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
x-amz-cf-pop
FRA2-C1
content-length
271919
x-amz-cf-id
AHVUwBB_F5alDwHKic9Kcd6lfFIdZ4Yfrk2WYj6Vd7N0q7nDTg_Jmw==
codeguru-secrets-analysis-list-1024x323.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/ 		94 KB
95 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/codeguru-secrets-analysis-list-1024x323.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-92.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9cc42edd3434423ba5ed7bab4141062c32ca45432ee495b4db48399fcf625a56

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
YWiPV7Yh3VYQkSrtBp7Kyxrkh_nAIQkM
via
1.1 adb1b226e6965f6206603ba087bd4a0a.cloudfront.net (CloudFront)
last-modified
Wed, 24 Nov 2021 09:33:15 GMT
server
AmazonS3
age
22
etag
"b5ebef68c0c71305f72256c4487ede6f-1"
x-cache
Hit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
x-amz-cf-pop
FRA2-C1
content-length
96582
x-amz-cf-id
fOHKrh4MRCqsxl7QggKQF2a8LcsUIfk68-goPy1SilVdm8n4n6olpw==
codeguru-secrets-recommendations-1024x421.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/ 		166 KB
166 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/codeguru-secrets-recommendations-1024x421.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-92.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
96a96229c6397e7b5b44811bee268f7f6dfcfdd2703efdba8e348f311d0fa6db

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
ECTE0akn3piQLdu9Q7lR5ZJJxl0iKzgq
via
1.1 adb1b226e6965f6206603ba087bd4a0a.cloudfront.net (CloudFront)
last-modified
Wed, 24 Nov 2021 17:42:03 GMT
server
AmazonS3
age
22
etag
"a4730d087542ed55feb95b73b7cb0f64-1"
x-cache
Hit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
x-amz-cf-pop
FRA2-C1
content-length
169593
x-amz-cf-id
LJ9CLI-ge9HikoxsUoHODn4jTGwAPfg63IJv-1F3JwRAj_yrlgkKAg==
codeguru-github-1024x407.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/26/ 		247 KB
247 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/26/codeguru-github-1024x407.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-92.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6a484ab3ab55740d1b51dab8f319f0778053dc10f6cff128f5f76e76625cc5e5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
LQmUNdZa2Z3VuOlxdcA.D2_4tFmB9y2x
via
1.1 adb1b226e6965f6206603ba087bd4a0a.cloudfront.net (CloudFront)
last-modified
Fri, 26 Nov 2021 12:12:26 GMT
server
AmazonS3
age
22
etag
"70a8c0e58fcd9fc6701856acacf14137-1"
x-cache
Hit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
x-amz-cf-pop
FRA2-C1
content-length
252470
x-amz-cf-id
7e6cuEYn6ycRfKe1dGcAOCHFHciJmrpDBfX81xS4NdNPV2vC2Efwnw==
codeguru-secrets-manager-popup-1024x419.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/26/ 		197 KB
198 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/26/codeguru-secrets-manager-popup-1024x419.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-92.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
edddcb46193aacdf88726f8250fd0248b2dd411d392b3288ea04ab9e9e6bd526

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
0myyRpUxG.o.OGUTkF7DP7aH6sKV4eMA
via
1.1 adb1b226e6965f6206603ba087bd4a0a.cloudfront.net (CloudFront)
last-modified
Fri, 26 Nov 2021 12:13:39 GMT
server
AmazonS3
age
22
etag
"079fff016d60236ea339e17d4786be4e-1"
x-cache
Hit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
x-amz-cf-pop
FRA2-C1
content-length
202117
x-amz-cf-id
jBs_A250yV3tNxHg-3g9plCL3l6LhZt_yjrhXU9pPPR0jRR5j46hmg==
secrets-manager-store-new-secret-1-1024x703.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/ 		139 KB
139 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/secrets-manager-store-new-secret-1-1024x703.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-92.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
09dec90213d3b1f9af1a0133e35843f22241aafe04b0d2a1983b69116abfddc1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
QNWc1r9zEhfZbNG81DShOMjdgwVrT6xv
via
1.1 adb1b226e6965f6206603ba087bd4a0a.cloudfront.net (CloudFront)
last-modified
Wed, 24 Nov 2021 09:39:45 GMT
server
AmazonS3
age
22
etag
"114cb9341d3eabcac573108a38ebc73f-1"
x-cache
Hit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
x-amz-cf-pop
FRA2-C1
content-length
142238
x-amz-cf-id
uvXiOBhv5DkdguMejocBzPY4yWv6ljrKtZJUZY51qEFREPxKKJBJ9Q==
secrets-manager-sample-code-1024x662.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/22/ 		309 KB
310 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/22/secrets-manager-sample-code-1024x662.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-92.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6fcd9dea2794290acd1f2e793fcfef9232545fff93270744e79e30d9de0e0e61

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
1uKtzXVl9B2T0DARloPafecHhsJV8.Jc
via
1.1 adb1b226e6965f6206603ba087bd4a0a.cloudfront.net (CloudFront)
last-modified
Mon, 22 Nov 2021 13:05:32 GMT
server
AmazonS3
age
22
etag
"6d79dd654708c4f68b793149572eb9fc-1"
x-cache
Hit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
x-amz-cf-pop
FRA2-C1
content-length
316809
x-amz-cf-id
tcfBRKMAD0uICKxB7hSR8vdRyVhqZse9qW9sJAhdZyn5El9mSlJAqg==
2021-aws-iot-roborunner-1.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/ 		990 KB
993 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/2021-aws-iot-roborunner-1.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-92.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d777536c363f541d3a0a29627c1294ed6c6c0889011ea21d8d4eb859c9aef31b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
4JHI_oNpw_8z2eSQ4TUVmDmuKiVaxZs7
via
1.1 adb1b226e6965f6206603ba087bd4a0a.cloudfront.net (CloudFront)
last-modified
Wed, 24 Nov 2021 22:57:01 GMT
server
AmazonS3
age
22
etag
"16e8631a526d48c810baec9d90b66685-1"
x-cache
Hit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
x-amz-cf-pop
FRA2-C1
content-length
1013820
x-amz-cf-id
c7eIhEd78I_ELAVRAz6Lu6EcS620b8TaC2fwlRHaR0kTyg4fKbUnJA==
2021-aws-iot-roborunner-2.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/ 		674 KB
675 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/2021-aws-iot-roborunner-2.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-92.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a29d510cc6827794383ee2d8aaa0ff664aec760c9bfb99bf5c179c41c97aac48

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
rpOeZcWCoDNQee2qVb0DsibBDbbjiLyQ
via
1.1 adb1b226e6965f6206603ba087bd4a0a.cloudfront.net (CloudFront)
last-modified
Wed, 24 Nov 2021 22:57:42 GMT
server
AmazonS3
age
22
etag
"2e175c77d0d5a2846cfd12c50e1e8937-1"
x-cache
Hit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
x-amz-cf-pop
FRA2-C1
content-length
689890
x-amz-cf-id
23GwdI0FTFgeozINhVFxPEUVhmNUxG1-bEgV1yjljeVvJ3tOrf5kfA==
2021-aws-iot-roborunner-3.png
d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/ 		1 MB
1 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/11/24/2021-aws-iot-roborunner-3.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-92.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7d4767763ce995c13decef23ba129277c5a6e2682ecb104c8e06d2ca0af00137

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
K3Qf0bxcI_txF_iMA.3FY7v1i3Y5MSMv
via
1.1 adb1b226e6965f6206603ba087bd4a0a.cloudfront.net (CloudFront)
last-modified
Wed, 24 Nov 2021 23:00:19 GMT
server
AmazonS3
age
22
etag
"2e489c9f408199d54a57e71836c4ef5f-1"
x-cache
Hit from cloudfront
content-type
image/png
date
Wed, 15 Dec 2021 19:49:06 GMT
x-amz-cf-pop
FRA2-C1
content-length
1206076
x-amz-cf-id
GpYE8CUJ3f2AMTWfa_2kXF2Iq6O_79MTZVBqjTLt_ynypg-vjT-pRw==
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
alBeAixAU4KSYukRbm9XeEC15HTfJfI/nA99g2ChLDhjBZwSl6xv/W1+jUgwI1h8Qsq+7QWvZ6ddRQL6tjBuhw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
rsRImBTq+f6rAKx8ZG71QiuS5pRvuqJQ4LjTryTlENa2jx87ijB1A3l/opZYTSC2GSr7hJAn90dM3yok5eJIGw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
9TWXxz6GMOqDNjYjYHmyOhsjIOjVTgiy9fK9iYAc7K8Znl3iPvOdF/KGw8NIHRRqvQsltllpDMWYJQQ5Qp0yCw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
36 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
d0kurhnqWWsdMcT0zkkxwJyJ/x4eN3wdK+IkwyAtEiEnBT9XWVJ72yBNeoeRZJa8dsiIvIuQP8d4VYSFHF7EsA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
07Q367B9p3X1myKo0+Kr/S88lbB0wgLSp6KdeVA87nEFOdGMAoALWUon+gUFynMP6bOC+w9sgljZ2hyFE8vtGA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
8YhwmSo+jM6T0dYQf2WW0s1ELWnDYtpeJIjxRb8UWZkW/Ofm8P87tDfQ8KffLxESS5S2FCfKgwxaZatasylPKQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
XFKBa4yF/R1ev2EW2U0Np7+hzfbsKcGUcDXAmOJn86gmWZkt5JWOOn8s+q9GxP95IX9xyTOucsEkCb9dNUmO1w==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
Fomama89qJazrIeFeXzx+f2nGqIl01j6ICz/rhjx1sAgBPLzhO9fr9hTgah4LTk/LUDcGo3bvgqmkGacH6Rndw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
3Shw1c/QzAkadqUQ2FMZLslt+AZRTXFMiXlIWJoyL7N0Wp1suBUQLI52pNCTkjrqEGBPZpWzq11Cf822hP7mAw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
neSBNO+avjoffOntQR8loJAI4+yBQ4+le2CKgLQxbhwTzYfbeWmY/aHHqPH//NdKM3S7+/yGcLkAfE7OBZy2/Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
57Pu/yhrUTRMqY9472luDRzySj7nVi7TIkNVpQ1F41cG71XUlc1lMvhaunyZJNjdMWowlCo6tOr4yhslaDG+cQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
yoy6XaO5/M30U7/K561PnL3fgcg/QBGrEKP2dOYxrDgAprpqW7Ew5rGZ+3mirv2JQxQA+0x1Q4b/J17tU2xlog==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
UitdZw76mH9NOzJuYQRiZwAeDrAod1Mjm0KG9iiwuxsbnzqlXzLgsEzdxpXVqN39gAjs+2qkTAy3Za8cQIt1wQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
E0DQx+iFtLaWaw64yexW1RjFq/YC+RezMN4juSQWP+wgKQA/iHCmbnNXohNiHsTzYhUmKhcVye5COF7YypJ9JQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
eYXJOjZVDGP3BwG1yYqx50C3mU43ix0h7Q/BSyDTVd6c+eerwKA5FrBX/6HVl0fv2dypv2839yc7MxnyfMwRrA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
hcGwsNJzoU5KTuRxK81ggcgsm9NQaCdfAFnmx52LVA6WgQHOixMUwbTKVBa8qvX190I0CFgkDduxweRsQvtxMQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
7qm7fCxeeqYmTu+8Ra19NxWBv7zsi8CslG2HOVm8PzHmFKJj6knF83OcgDv60o5qZJykzspAU6Dwps3WUWPHBg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
j24lTMLdjOqVE/25H9bULVZcVNZnUGf6J59SRgDS+nZBLfRAdMzhTPoo1YtWk24ANZZFQWUnlSTMmBMVAVA3jg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
VgqENPd1GChZ0bBapBqXOogBrOpaALAdbz+01Fh6Gih6JY9Fx2T1sYy59PubTX1084AkNbRNC2lQIv47lZ8MBQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
obzfN7zq6tcrCV+4AN+v1dcv6BzFLEq3c5G/Q0ubrSaIUrVKu7cZoySfDgMqi7pqnHt/z5WS+S4YPCoUKwpiRg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2DC3 		0
30 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
lEX2JZTsEVWkjdhrAn0COaofsh8J2gEaSFAMNEhaOeeG6CL39NkMHXjHFOlKwfGyvmtZyJl8BN9YrAn1zjrtyA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 32FB 		71 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766573&bpp=1&bdt=295&idt=463&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=SDdx8B8AWf&p=https%3A//www.aiupnow.com&dtd=467
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0b61542954b75c8dfe0893bd4a395c9f925388e0876e398c1c820dcc847943ea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 15 Dec 2021 19:49:27 GMT
server
cafe
content-length
27612
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:27 GMT
cache-control
private
nth.png
1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/nth.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
6ca0ba132e317aa25845976719aecc3fbc11dfbe15c1ca37809b1d0d39bcf8c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:03:13 GMT
x-content-type-options
nosniff
age
13574
content-disposition
inline;filename="nth.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1439
x-xss-protection
0
server
fife
etag
"v74b"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 05 Oct 2021 18:04:54 GMT
/
disqus.com/embed/comments/ Frame C2BF 		7 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4bd97569f19339108d50e204a239bf8a3659823bc4a4c6011cc6a686ad5e4922
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

Connection
keep-alive
Content-Length
2801
Server
nginx
Content-Type
text/html; charset=utf-8
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Last-Modified
Wed, 15 Dec 2021 12:18:33 GMT
ETag
W/"lounge:view:8927097210.bbad8d8423660e7c629bbb0b0793d7d0.2"
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control
stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Referrer-Policy
no-referrer-when-downgrade
Timing-Allow-Origin
*
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Encoding
gzip
Date
Wed, 15 Dec 2021 19:49:27 GMT
Age
23
Vary
Accept-Encoding
Cross-Origin-Resource-Policy
cross-origin
Strict-Transport-Security
max-age=300; includeSubdomains
postmessageRelay
accounts.google.com/o/oauth2/ Frame DBFC 		566 B
859 B 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.aiupnow.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=auth/exm=profile,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1282ae2ba066330f7b12683db095c4ebf8ad69ab1d91517644c4a0b28571e580
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-HhCC7hkVIWh9sNwLgRlQuA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 15 Dec 2021 19:49:27 GMT
content-security-policy
script-src 'report-sample' 'nonce-HhCC7hkVIWh9sNwLgRlQuA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
0
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sync_cookie_image_decide
mc.yandex.com/
Redirect Chain
  • https://mc.yandex.com/sync_cookie_image_check
  • https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9488.yBD6OooPph0YhHkdvysa0fIFWNspswJDDq_-OIdV7glk-XPbZYPQaUb_6-pI0ef4.yIv5QxMbJYilsz9O011OVE-4yFs%2C
  • https://mc.yandex.com/sync_cookie_image_decide?token=9488.wBjxFeK7vclJkKhmvzToi20KoqPAQjtUTCAuxaOFw4t-ocmVozMDKgQCmP1VrDGX0r7gwUvcCbgoqfzuSBZYDw%2C%2C.AxV6lBxREQ6fUk0zEFcO5rJ72Uo%2C
75 B
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mc.yandex.com/sync_cookie_image_decide?token=9488.wBjxFeK7vclJkKhmvzToi20KoqPAQjtUTCAuxaOFw4t-ocmVozMDKgQCmP1VrDGX0r7gwUvcCbgoqfzuSBZYDw%2C%2C.AxV6lBxREQ6fUk0zEFcO5rJ72Uo%2C
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=31536000
content-length
75
x-xss-protection
1; mode=block
content-type
text/html; charset=utf-8

Redirect headers

location
https://mc.yandex.com/sync_cookie_image_decide?token=9488.wBjxFeK7vclJkKhmvzToi20KoqPAQjtUTCAuxaOFw4t-ocmVozMDKgQCmP1VrDGX0r7gwUvcCbgoqfzuSBZYDw%2C%2C.AxV6lBxREQ6fUk0zEFcO5rJ72Uo%2C
date
Wed, 15 Dec 2021 19:49:27 GMT
strict-transport-security
max-age=31536000
x-xss-protection
1; mode=block
dmp.jq_flight.3033f0d7176196134921.js
static1.dmcdn.net/playerv5/ Frame 9407 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.jq_flight.3033f0d7176196134921.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
e4617a5b39cda8cd99c5725cd79a12bf58f402b90f76c364ec7de7852ec15050

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
age
376382
server-timing
total;dur=0, dc;desc="dc3"
content-length
14940
last-modified
Thu, 09 Dec 2021 09:16:40 GMT
server
DMS/1.0.42
etag
"61b1c978-a5dc"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
b6561158aca4b76899c1c69cf03006a7
expires
Mon, 10 Jan 2022 11:16:25 GMT
dmp.manifest.a8563fface00cf3c9b95.js
static1.dmcdn.net/playerv5/ Frame 9407 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.manifest.a8563fface00cf3c9b95.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
a2c0acdd5bc625dde811cbe3d364688921eef737a6663a070cef6995a4fdb84b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
age
20123
server-timing
total;dur=0, dc;desc="dc3"
content-length
2043
last-modified
Wed, 15 Dec 2021 14:10:03 GMT
server
DMS/1.0.42
etag
"61b9f73b-1085"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
33b24364deeeabe9734ae5b60b54dcb0
expires
Fri, 14 Jan 2022 14:14:04 GMT
dmp.vendor.dc19b5e1e17ebe5b97db.js
static1.dmcdn.net/playerv5/ Frame 9407 		332 KB
101 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
50f875818c12b4bac50d2ac2bb80e0edab07d6172d77641c305daf077f2c34ad

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
age
376382
server-timing
total;dur=0, dc;desc="dc3"
content-length
102538
last-modified
Thu, 09 Dec 2021 09:16:30 GMT
server
DMS/1.0.42
etag
"61b1c96e-531cd"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
21e8ae12bdbe826fe336bfbc2a6361b9
expires
Mon, 10 Jan 2022 11:16:25 GMT
dmp.main.6d671f5d9b1fba0ca616.js
static1.dmcdn.net/playerv5/ Frame 9407 		210 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.main.6d671f5d9b1fba0ca616.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
db01487388f15a4c0cb6c6e28ca365fc9a9e0855a90894665baa6f582c9e50b6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
age
376383
server-timing
total;dur=0, dc;desc="dc3"
content-length
49333
last-modified
Thu, 09 Dec 2021 09:16:30 GMT
server
DMS/1.0.42
etag
"61b1c96e-347b9"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
43316d588a6065a45f4f88ae970c9327
expires
Mon, 10 Jan 2022 11:16:24 GMT
dmp.svg_critical.2202bba64ea46ecc7424.js
static1.dmcdn.net/playerv5/ Frame 9407 		11 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.svg_critical.2202bba64ea46ecc7424.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
e578fda3845b781d5c0045ae9c5dc94257e613d1c93d5155720c10453e44e91a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
age
376382
server-timing
total;dur=0, dc;desc="dc3"
content-length
2586
last-modified
Thu, 09 Dec 2021 09:16:30 GMT
server
DMS/1.0.42
etag
"61b1c96e-2da4"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
7849a6d0c43bacb575831748e4f356ce
expires
Mon, 10 Jan 2022 11:16:25 GMT
subscribe_button_branded_lozenge.png
www.youtube.com/s/subscriptions/subscribe_embed/img/ Frame 6C86 		156 B
179 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/img/subscribe_button_branded_lozenge.png
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed_split_v0.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cdb5ca36664e6906c51c4336873d7b45f29cb48c3b3188c853980813da650712
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed_split_v0.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 09:51:49 GMT
x-content-type-options
nosniff
last-modified
Fri, 18 Sep 2020 20:15:00 GMT
server
sffe
age
35858
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
156
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 15 Dec 2022 09:51:49 GMT
a5c35f20-fc4c-11ea-bf7d-637e870d3191
s.yimg.com/os/creatr-uploaded-images/2020-09/ 		175 KB
175 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.yimg.com/os/creatr-uploaded-images/2020-09/a5c35f20-fc4c-11ea-bf7d-637e870d3191
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
e33de29236bd945ad5963c32fd373b982e0970b3a1f784b8e7ae07d7be8c254d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 10:13:34 GMT
x-content-type-options
nosniff
age
466554
x-amz-server-side-encryption
AES256
x-amz-storage-class
STANDARD_IA
strict-transport-security
max-age=15552000
content-length
179043
x-amz-id-2
/cqDgtAWaTTrA3wwpR0YLLKkRKuIpDqm59Fow3b7JifTobMi45kONCFnm0QTTdjRLDMPQ6dAGPc=
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 21 Sep 2020 20:54:33 GMT
server
ATS
etag
"f2674983881b2078fcc17208ca7fa426"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
x-amz-request-id
4DDGN6VJ94MY3753
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=604800
x-amz-version-id
null
accept-ranges
bytes
content-type
image/jpeg
fdad0470-fc4c-11ea-a947-18dc38fbf5d1
media-mbst-pub-ue1.s3.amazonaws.com/creatr-uploaded-images/2020-09/ 		242 KB
242 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media-mbst-pub-ue1.s3.amazonaws.com/creatr-uploaded-images/2020-09/fdad0470-fc4c-11ea-a947-18dc38fbf5d1
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.101.51 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
cbf52478eea923d6c8559defe2bd5ce6f23107952a3ab8056d0d2d97df20a79e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
Date
Wed, 15 Dec 2021 19:49:28 GMT
Last-Modified
Mon, 21 Sep 2020 20:57:00 GMT
Server
AmazonS3
x-amz-request-id
5XFNQXQV8XY5FZ51
ETag
"7407eb6de1fb6ccfb8ffde0f64f2a7de"
x-amz-version-id
null
x-amz-storage-class
STANDARD_IA
Cache-Control
max-age=604800
Accept-Ranges
bytes
Content-Type
image/jpeg
Content-Length
247619
x-amz-id-2
nZftW1637AGt4My1LCjs37/Y1jx5gkTENMc60Nst42MjXYQ1SAyolxFpFLg8G01C/22vBttcrwU=
9c9d6c80-fc4f-11ea-afdb-ecca84ac1198
media-mbst-pub-ue1.s3.amazonaws.com/creatr-uploaded-images/2020-09/ 		198 KB
198 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media-mbst-pub-ue1.s3.amazonaws.com/creatr-uploaded-images/2020-09/9c9d6c80-fc4f-11ea-afdb-ecca84ac1198
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.101.51 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
17710b0cbda106bd59c9bb320d152a06bba83cfed9e8a171b4e63f48adfc0a09

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
Date
Wed, 15 Dec 2021 19:49:28 GMT
Last-Modified
Mon, 21 Sep 2020 21:15:46 GMT
Server
AmazonS3
x-amz-request-id
5XFKNV547X1HAXEB
ETag
"2806512b949617bd4ea79a2998ae6f56"
x-amz-version-id
null
x-amz-storage-class
STANDARD_IA
Cache-Control
max-age=604800
Accept-Ranges
bytes
Content-Type
image/jpeg
Content-Length
202394
x-amz-id-2
scdPEWqt5Kyulf8slEKE3Ac6jk0IfJA+93ThSPyWlG4zgaSUXbCBk2FCv773PGqvcBUiPHH0Ltw=
cec5d390-f9cb-11ea-bbff-fdb7f71204bb
s.yimg.com/os/creatr-uploaded-images/2020-09/ 		602 KB
603 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.yimg.com/os/creatr-uploaded-images/2020-09/cec5d390-f9cb-11ea-bbff-fdb7f71204bb
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
4512240dca2a59d6f18502229269f36846e194a33015ca8ca1a93a3535fb333b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:06 GMT
x-content-type-options
nosniff
age
22
x-amz-server-side-encryption
AES256
x-amz-storage-class
STANDARD_IA
strict-transport-security
max-age=15552000
content-length
616800
x-amz-id-2
MvMa/PZztU0+yO84zuJDELx9EerJPI2WHnXHml/H2ZzUWWzx3iKFN1La/9AGRb87JgV/xWcW90o=
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 18 Sep 2020 16:27:14 GMT
server
ATS
etag
"b714aca3e727c20fe1de572d1efec1c9"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
x-amz-request-id
6GCG5CVAEQYZ2FY1
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=604800
x-amz-version-id
null
accept-ranges
bytes
content-type
image/jpeg
61de0c60-f783-11ea-bd7d-46dcedba277c
s.yimg.com/os/creatr-uploaded-images/2020-09/ 		267 KB
267 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.yimg.com/os/creatr-uploaded-images/2020-09/61de0c60-f783-11ea-bd7d-46dcedba277c
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
33fb4f945a35b6ccaf4d19c0e6d1d8ad39736c430884b7090fc0f965d3f748ad
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 19:00:33 GMT
x-content-type-options
nosniff
age
521335
x-amz-server-side-encryption
AES256
x-amz-storage-class
STANDARD_IA
strict-transport-security
max-age=15552000
content-length
273173
x-amz-id-2
lPlskTBSH/xjE1BqWD1sf2xPYwW4mfB/Oxe+joePRXoJ9BXufvmQgpJcc9r3UKiYpohm/ity32M=
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 15 Sep 2020 18:43:46 GMT
server
ATS
etag
"72c72917d284ea57345a106ed1cf71c5"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
x-amz-request-id
VBGW68JWSP3KYWS5
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=604800
x-amz-version-id
null
accept-ranges
bytes
content-type
image/png
dims
o.aolcdn.com/images/ 		108 KB
109 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://o.aolcdn.com/images/dims?crop=3503%2C2332%2C0%2C187&quality=85&format=jpg&resize=1600%2C1065&image_uri=https%3A%2F%2Fs.yimg.com%2Fos%2Fcreatr-images%2F2020-01%2Fe948a190-2da0-11ea-9dff-b2fb563a84d3&client=a1acac3e1b3290917d92&signature=b857e71b6d8217dc50eb08e57400ef8cbd7b2188
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:af6:eab:2108:1892:6d8 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (mil/6CA7) /
Resource Hash
d5adf666701b746821cc08cfa7064589419b3e1aa81e6324ddd6843e5bebf082
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
x-content-type-options
nosniff
nel
{"report_to": "default", "max_age": 604800, "include_subdomains": true, "failure_fraction": 1.0, "success_fraction": 0.01}
age
334606
cld_latency
133
edge-cache-tag
214263861983770865837665303362291958282,311762242164315631316587765202362003164,ae7a14591aaf8d474cdb3f92111c923e
cld_cache
MISS
cld_hits
0
x-cache
HIT
strict-transport-security
max-age=31536000
content-length
110825
x-xss-protection
1; mode=block
cld_by
cache-dca17767-DCA
x-served-by
cache-wdc5554-WDC
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 11 Nov 2021 06:43:50 GMT
server
ECAcc (mil/6CA7)
x-timer
S1636670915.453639,VS0,VE70
etag
"f94f1ff240047b54329dc3b043ced59c"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
SAMEORIGIN
report-to
{"group": "default", "max_age":604800, "endpoints":[{"url":"https://report.vdms.com/","priority":1 }, {"url":"https://nelcollector.sre.ecsvc.net/report","priority":2 }]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0
follow.0a706f0e.css
open.scdn.co/cdn/build/follow/ Frame 1C4D 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/follow/follow.0a706f0e.css
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d53fc34a8a2122326a547282899df3aa84a3def278217628e218ba771c4305cb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:27 GMT
Content-Encoding
gzip
Last-Modified
Tue, 14 Sep 2021 18:46:56 GMT
Age
6035111
ETag
"a9ad2dfe3e9e46234acb05f652cf0260"
X-Served-By
cache-ord1724-ORD, cache-hhn11566-HHN
X-Cache
HIT, HIT
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
1310
X-Cache-Hits
1, 12035
vendor~follow.ef331d43.js
open.scdn.co/cdn/build/follow/ Frame 1C4D 		116 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/follow/vendor~follow.ef331d43.js
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c8520c4df0969be1603059e7639e03decb805f23feb63736ba40f00365156caa

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:27 GMT
Content-Encoding
gzip
Last-Modified
Wed, 01 Dec 2021 16:26:02 GMT
Age
1221628
ETag
"395be2330d0d79dc39a74e34ede9cde0"
X-Served-By
cache-ord1727-ORD, cache-hhn11579-HHN
X-Cache
HIT, HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
36736
X-Cache-Hits
1, 7327
follow.a43eb8b5.js
open.scdn.co/cdn/build/follow/ Frame 1C4D 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://open.scdn.co/cdn/build/follow/follow.a43eb8b5.js
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
00b61ddd115228a88bb2c3ce857b92524ef040ae538ac0f983e7055177def3ec

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:27 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Dec 2021 18:06:51 GMT
Age
5944
ETag
"785495232621291776d1d50b1062270f"
X-Served-By
cache-ord1733-ORD, cache-hhn11549-HHN
X-Cache
HIT, HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
5022
X-Cache-Hits
2, 84
steelseries-arctis-pro-sehero-1.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/steelseries-arctis-pro-sehero-1.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b453f1fdc46e7e8f7716c152f833ed3b87b4980a80070ae41b033ad31a7b4c1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
cf-cache-status
HIT
age
22
cf-polished
qual=85, origFmt=jpeg, origSize=27734
content-disposition
inline; filename="steelseries-arctis-pro-sehero-1.webp"
content-length
15936
last-modified
Tue, 14 Jul 2020 15:22:20 GMT
server
cloudflare
etag
"5f0dcdac-6c56"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Sat, 15 Jan 2022 19:49:05 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be231fd7ab94aa9-FRA
cf-bgj
imgq:85,h2pri
steelseries-arctis-pro-dac-cropped.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/04/ 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/04/steelseries-arctis-pro-dac-cropped.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a43b5bfc058d5b10e20d84c9dc83bd1d825fc472b165f0a837fdb02d7ca6c37a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
cf-cache-status
HIT
age
17618
cf-polished
qual=85, origFmt=jpeg, origSize=41515
content-disposition
inline; filename="steelseries-arctis-pro-dac-cropped.webp"
content-length
24688
last-modified
Tue, 02 Jun 2020 15:50:58 GMT
server
cloudflare
etag
"5ed67562-a22b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Sat, 15 Jan 2022 14:55:49 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be231fd7ac34aa9-FRA
cf-bgj
imgq:85,h2pri
hyper-x-cloud-alpha-blackout-sehero-1.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/hyper-x-cloud-alpha-blackout-sehero-1.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bdb3f79992994955bff565f267625856ec3e1233655b4dbbe541d5388e23ff14

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
cf-cache-status
HIT
age
22
cf-polished
qual=85, origFmt=jpeg, origSize=20763
content-disposition
inline; filename="hyper-x-cloud-alpha-blackout-sehero-1.webp"
content-length
10098
last-modified
Tue, 14 Jul 2020 15:15:58 GMT
server
cloudflare
etag
"5f0dcc2e-511b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Sat, 15 Jan 2022 19:49:05 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be231fd9afe4aa9-FRA
cf-bgj
imgq:85,h2pri
hyper-x-cloud-alpha-se-hero.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		31 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/hyper-x-cloud-alpha-se-hero.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1d864116e0b3550c089260b388b01a6cb3bad6e7d3e04237269d35821b13962

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
cf-cache-status
HIT
age
22
cf-polished
qual=85, origFmt=jpeg, origSize=54976
content-disposition
inline; filename="hyper-x-cloud-alpha-se-hero.webp"
content-length
31874
last-modified
Tue, 14 Jul 2020 15:08:12 GMT
server
cloudflare
etag
"5f0dca5c-d6c0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Sat, 15 Jan 2022 19:49:05 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be231fd9b004aa9-FRA
cf-bgj
imgq:85,h2pri
blackshark-v2-t1bg.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/blackshark-v2-t1bg.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c3f0b6818ed7aea219cc8b97ec0abb8f6e04d4f106a3cb8fb01806723469d511

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
cf-cache-status
HIT
age
22
cf-polished
qual=85, origFmt=jpeg, origSize=13434
content-disposition
inline; filename="blackshark-v2-t1bg.webp"
content-length
6282
last-modified
Fri, 31 Jul 2020 13:22:24 GMT
server
cloudflare
etag
"5f241b10-347a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Sat, 15 Jan 2022 19:49:05 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be231fd9b024aa9-FRA
cf-bgj
imgq:85,h2pri
51jmb3ciuhl._ac_sl1500_.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		36 KB
36 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/51jmb3ciuhl._ac_sl1500_.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
436c498b9189885ad7a202470b3901203a6cf09e0f4ab2c80c81418d3489b750

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
cf-cache-status
HIT
age
22
cf-polished
qual=85, origFmt=jpeg, origSize=54806
content-disposition
inline; filename="51jmb3ciuhl.webp"
content-length
37112
last-modified
Fri, 31 Jul 2020 13:22:25 GMT
server
cloudflare
etag
"5f241b11-d616"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Sat, 15 Jan 2022 19:49:05 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be231fd9b054aa9-FRA
cf-bgj
imgq:85,h2pri
razer-nari-ultimate-sehero-1.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/razer-nari-ultimate-sehero-1.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9fe12a050717d2f8f1ca073b95098e0bf3d86a44ebfc0ea2496c7a7b0dce6b1f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
cf-cache-status
HIT
age
22
cf-polished
qual=85, origFmt=jpeg, origSize=28185
content-disposition
inline; filename="razer-nari-ultimate-sehero-1.webp"
content-length
15580
last-modified
Tue, 14 Jul 2020 15:54:30 GMT
server
cloudflare
etag
"5f0dd536-6e19"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Sat, 15 Jan 2022 19:49:05 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be231fd9b074aa9-FRA
cf-bgj
imgq:85,h2pri
razer-nari-ultimate-se_0.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/04/ 		52 KB
52 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/04/razer-nari-ultimate-se_0.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7287ce2ca39d008d5cd0aa339903ab9d578171606da1b04ad60956d769176de1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
cf-cache-status
HIT
age
22
cf-polished
qual=85, origFmt=jpeg, origSize=86296
content-disposition
inline; filename="razer-nari-ultimate-se_0.webp"
content-length
53424
last-modified
Tue, 16 Jun 2020 21:10:15 GMT
server
cloudflare
etag
"5ee93537-15118"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Sat, 15 Jan 2022 19:49:05 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be231fd9b084aa9-FRA
cf-bgj
imgq:85,h2pri
plugable-onyx-sehero-1.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/plugable-onyx-sehero-1.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b03c5ad67ed44a6bfb629dc721a66b6a9a05516ec54f2b44aec251bdd3016974

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
cf-cache-status
HIT
age
22
cf-polished
qual=85, origFmt=jpeg, origSize=19421
content-disposition
inline; filename="plugable-onyx-sehero-1.webp"
content-length
9754
last-modified
Wed, 15 Jul 2020 10:43:34 GMT
server
cloudflare
etag
"5f0eddd6-4bdd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Sat, 15 Jan 2022 19:49:05 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be231fd9b0b4aa9-FRA
cf-bgj
imgq:85,h2pri
plugable-onyx-headset.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/10/ 		37 KB
37 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/10/plugable-onyx-headset.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68a31c7d9e97e5298c6ca63efceeb82934c56959710f8381086968ce97ef096b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
cf-cache-status
HIT
age
22
cf-polished
qual=85, origFmt=jpeg, origSize=58597
content-disposition
inline; filename="plugable-onyx-headset.webp"
content-length
37786
last-modified
Tue, 02 Jun 2020 13:24:43 GMT
server
cloudflare
etag
"5ed6531b-e4e5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Sat, 15 Jan 2022 19:49:05 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be231fd9b0d4aa9-FRA
cf-bgj
imgq:85,h2pri
turtle-beach-elite-aero-sehero-1.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/turtle-beach-elite-aero-sehero-1.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1184eaa5a8479aace795d63e8a6198e87229358f756f81721a37cf7f3adae457

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
cf-cache-status
HIT
age
368347
cf-polished
qual=85, origFmt=jpeg, origSize=24505
content-disposition
inline; filename="turtle-beach-elite-aero-sehero-1.webp"
content-length
14188
last-modified
Wed, 15 Jul 2020 10:58:05 GMT
server
cloudflare
etag
"5f0ee13d-5fb9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Tue, 11 Jan 2022 13:30:20 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be231fd9b0e4aa9-FRA
cf-bgj
imgq:85,h2pri
turtle-beach-elite-atlas-aero-se.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/01/ 		152 KB
152 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/01/turtle-beach-elite-atlas-aero-se.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1fed6af0907b4321b97f34f4881f6ee021694567754b4ff26bfe8ff3480b451

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
cf-cache-status
HIT
age
466552
cf-polished
qual=85, origFmt=jpeg, origSize=203462
content-disposition
inline; filename="turtle-beach-elite-atlas-aero-se.webp"
content-length
155558
last-modified
Tue, 21 Jan 2020 14:02:10 GMT
server
cloudflare
etag
"5e270462-31ac6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Mon, 10 Jan 2022 10:13:35 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be231fdab1c4aa9-FRA
cf-bgj
imgq:85,h2pri
steelseries-arctis-1-sehero-1.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/07/steelseries-arctis-1-sehero-1.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e6f87e479fe96a05167143baf8284070e8e25446568442ef85133ec97ac7cf7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
cf-cache-status
HIT
age
368347
cf-polished
qual=85, origFmt=jpeg, origSize=20134
content-disposition
inline; filename="steelseries-arctis-1-sehero-1.webp"
content-length
10842
last-modified
Wed, 15 Jul 2020 11:12:03 GMT
server
cloudflare
etag
"5f0ee483-4ea6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Tue, 11 Jan 2022 13:30:20 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be231fdab1e4aa9-FRA
cf-bgj
imgq:85,h2pri
steelseries-arctis-1-wireless-xbox-cyberpunk-2077-edition-cropped.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/05/ 		57 KB
57 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2020/05/steelseries-arctis-1-wireless-xbox-cyberpunk-2077-edition-cropped.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95e0c2b464ed5653c96fce9be303c13f94bac838f62ba905cfbe1963e8a8fa35

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
cf-cache-status
HIT
age
22
cf-polished
qual=85, origFmt=jpeg, origSize=102893
content-disposition
inline; filename="steelseries-arctis-1-wireless-xbox-cyberpunk-2077-edition-cropped.webp"
content-length
57908
last-modified
Tue, 05 May 2020 12:23:38 GMT
server
cloudflare
etag
"5eb15aca-191ed"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Sat, 15 Jan 2022 19:49:05 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be231fdab1f4aa9-FRA
cf-bgj
imgq:85,h2pri
richard-avatar.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2018/08/ 		47 KB
47 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2018/08/richard-avatar.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22ccbc7b42712ef18a6781ae1ecfff95cb5babe6af255a6aadc97b313eda1d19

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
cf-cache-status
HIT
age
22
cf-polished
qual=85, origFmt=jpeg, origSize=87681
content-disposition
inline; filename="richard-avatar.webp"
content-length
48162
last-modified
Wed, 25 Mar 2020 19:33:27 GMT
server
cloudflare
etag
"5e7bb207-15681"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Sat, 15 Jan 2022 19:49:05 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be231fdab204aa9-FRA
cf-bgj
imgq:85,h2pri
1025269.jpg
passport.mobilenations.com/avatars/000/001/025/ 		49 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://passport.mobilenations.com/avatars/000/001/025/1025269.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4c34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f615e7ba92273145a27dfc0773e0a936233f96a40cee0eb90cedf8cdcf2e6e0a
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
1082778
cf-polished
origSize=52888, status=webp_bigger
content-length
50603
last-modified
Fri, 15 Mar 2019 16:47:51 GMT
server
cloudflare
etag
"5c8bd737-ce98"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=86400; includeSubDomains
content-type
image/jpeg
expires
Fri, 14 Jan 2022 19:49:27 GMT
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be231fe1f705a01-MXP
cf-bgj
imgq:100,h2pri
XMvfuvRqk3g
feeds.feedburner.com/~r/wmexperts/~4/ 		43 B
59 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://feeds.feedburner.com/~r/wmexperts/~4/XMvfuvRqk3g
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
x-content-type-options
nosniff
server
GSE
content-type
image/gif
cache-control
max-age=3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
1; mode=block
expires
Wed, 15 Dec 2021 20:49:27 +0000
halo-reach-hero.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2018/08/ 		56 KB
56 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2018/08/halo-reach-hero.jpg?itok=wmHDT0Is
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7029f15b559e64254cbd7fecc09dbb128c9c54511d016ad8f05d7d71424ee1e2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
cf-cache-status
HIT
age
22
cf-polished
qual=85, origFmt=jpeg, origSize=84369
content-disposition
inline; filename="halo-reach-hero.webp"
content-length
57090
last-modified
Tue, 03 Mar 2020 19:14:58 GMT
server
cloudflare
etag
"5e5eacb2-14991"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Sat, 15 Jan 2022 19:49:05 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be231fdbb394aa9-FRA
cf-bgj
imgq:85,h2pri
halo-reach-se.jpg
www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/11/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.windowscentral.com/sites/wpcentral.com/files/styles/large/public/field/image/2019/11/halo-reach-se.jpg?itok=QwN53No7
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bc37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41dc62838893d877af036548c8dae4693825d6decf866a1aade64d8d942afca7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
cf-cache-status
HIT
age
466551
cf-polished
qual=85, origFmt=jpeg, origSize=18910
content-disposition
inline; filename="halo-reach-se.webp"
content-length
13054
last-modified
Wed, 13 May 2020 01:05:12 GMT
server
cloudflare
etag
"5ebb47c8-49de"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
expires
Mon, 10 Jan 2022 10:13:36 GMT
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
6be231fdbb3c4aa9-FRA
cf-bgj
imgq:85,h2pri
tkpYeuiT0cA
feeds.feedburner.com/~r/wmexperts/~4/ 		43 B
59 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://feeds.feedburner.com/~r/wmexperts/~4/tkpYeuiT0cA
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
x-content-type-options
nosniff
server
GSE
content-type
image/gif
cache-control
max-age=3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
1; mode=block
expires
Wed, 15 Dec 2021 20:49:27 +0000
dims
o.aolcdn.com/images/ 		169 KB
169 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://o.aolcdn.com/images/dims?resize=2000%2C2000%2Cshrink&image_uri=https%3A%2F%2Fs.yimg.com%2Fos%2Fcreatr-uploaded-images%2F2019-03%2F8abb4e90-50b3-11e9-aaff-ba09ebd015cd&client=a1acac3e1b3290917d92&signature=59a74288ccbf5ce945fab394555e468caaeb6c36
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:af6:eab:2108:1892:6d8 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (mil/6C94) /
Resource Hash
f5fb80c6ab695aec793967d59c135b29618aad2f987174711a218fc44da08d77
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
x-content-type-options
nosniff
nel
{"report_to": "default", "max_age": 604800, "include_subdomains": true, "failure_fraction": 1.0, "success_fraction": 0.01}
age
1074381
cld_latency
180
edge-cache-tag
205668273106704222303092677181222189726,485239066690905873616624527207302478547,ae7a14591aaf8d474cdb3f92111c923e
cld_cache
MISS
cld_hits
0
x-cache
HIT
strict-transport-security
max-age=31536000
content-length
172683
x-xss-protection
1; mode=block
cld_by
cache-wdc5538-WDC
x-served-by
cache-wdc5559-WDC
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 01 Jun 2021 10:19:59 GMT
server
ECAcc (mil/6C94)
x-timer
S1633336474.742285,VS0,VE1
etag
"d2668a73c5528255b775cdd08b0e7b3c"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
SAMEORIGIN
report-to
{"group": "default", "max_age":604800, "endpoints":[{"url":"https://report.vdms.com/","priority":1 }, {"url":"https://nelcollector.sre.ecsvc.net/report","priority":2 }]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1
mqdefault.jpg
img.youtube.com/vi/J36MCxgP2_4/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.youtube.com/vi/J36MCxgP2_4/mqdefault.jpg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bd1d46e090dd11a9123e403410ad1b3354ed4c0906c92a13ae0a0daf85a91421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6457
x-xss-protection
0
server
sffe
etag
"0"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 15 Dec 2021 21:49:27 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame C0DA 		71 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766575&bpp=1&bdt=297&idt=564&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3067&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=tPJEadH44t&p=https%3A//www.aiupnow.com&dtd=568
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d014f18e097b4117042cecac8529f792c4781b9a7c8e3c0be4b51cccadd83cb3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Wed, 15 Dec 2021 19:49:27 GMT
server
cafe
content-length
27770
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
advert.gif
mc.yandex.com/metrika/ 		43 B
136 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mc.yandex.com/metrika/advert.gif
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
last-modified
Wed, 15 Dec 2021 16:08:50 GMT
etag
"61b9e8e2-2b"
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
content-length
43
expires
Wed, 15 Dec 2021 20:49:27 GMT
/
pebed.dm-event.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
604800
Server
edward-ed/2.2.1
Date
Wed, 15 Dec 2021 19:49:27 GMT
Content-Length
0
dmp.locale-en-US.89c08fbc7e17a76680a7.json
static1.dmcdn.net/playerv5/ Frame 9407 		4 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.locale-en-US.89c08fbc7e17a76680a7.json
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
d71d986a726a9a3b37c6a5e049fee9692442911b24fcbc115a55608634a3ebf9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
age
788387
server-timing
total;dur=0, dc;desc="dc3"
content-length
1077
last-modified
Mon, 06 Dec 2021 16:11:33 GMT
server
DMS/1.0.42
etag
"61ae3635-fbd"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
574bba9454d619203b57f2e83db41036
expires
Wed, 05 Jan 2022 16:49:40 GMT
/
pebed.dm-event.net/ Frame 9407 		15 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
de-DE,de;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

Date
Wed, 15 Dec 2021 19:49:27 GMT
Server
edward-ed/2.2.1
Access-Control-Max-Age
604800
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length
15
x7zgqmr
www.dailymotion.com/player/metadata/video/ Frame 9407 		14 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.dailymotion.com/player/metadata/video/x7zgqmr?embedder=https%3A%2F%2Fwww.aiupnow.com%2F&referer=&dmV1st=2D76E625E425DA859D2C747624244DA0&dmTs=99129
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
fp.dc3.dailymotion.com
Software
DMS/1.0.42 /
Resource Hash
15946a6204d7b3f089c55b93efb65f9d96285412722ca4e45fbcbf15098d9406
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31708800; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Security-Policy
upgrade-insecure-requests
Content-Encoding
gzip
Referrer-Policy
no-referrer-when-downgrade
Server
DMS/1.0.42
Date
Wed, 15 Dec 2021 19:49:27 GMT
Expect-Ct
max-age=0, report-uri="https://www.dailymotion.com/content_security_policy_report_uri"
Content-Security-Policy-Report-Only
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri
Content-Type
application/json; charset=utf-8
Cache-Control
no-cache
Server-Timing
total;dur=138, dc;desc="dc3"
Strict-Transport-Security
max-age=31708800; includeSubDomains; preload
Timing-Allow-Origin
*
Vary
X-DM-SSL,Accept-Encoding
Content-Length
8821
dmp.theme_neon.1783142d9b9ad037170c.js
static1.dmcdn.net/playerv5/ Frame 9407 		576 KB
158 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.theme_neon.1783142d9b9ad037170c.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
bf459edbca835630ab04fe10ab0ea320af9c2a02a28354fac1dd2dacb5b48155

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
age
20123
server-timing
total;dur=2, dc;desc="dc3"
content-length
161081
last-modified
Wed, 15 Dec 2021 14:10:03 GMT
server
DMS/1.0.42
etag
"61b9f73b-90070"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
1949eb784331b4b9bb2cd996674151fb
expires
Fri, 14 Jan 2022 14:14:04 GMT
dmp.vendors~theme_neon.03d60d604f7a509d0f7f.js
static1.dmcdn.net/playerv5/ Frame 9407 		60 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.vendors~theme_neon.03d60d604f7a509d0f7f.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
b4700758182849390e83510cfa4d6ac01e49183ad810851b099d55fb0b93eec1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
age
376382
server-timing
total;dur=0, dc;desc="dc3"
content-length
16342
last-modified
Thu, 09 Dec 2021 09:16:30 GMT
server
DMS/1.0.42
etag
"61b1c96e-f198"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
31b477bc3788972bf1a90170269815af
expires
Mon, 10 Jan 2022 11:16:25 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 9407 		374 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f725f6888d32252c9f3dc55750d168b0f4f00e0ea1f2e877ff46595662a56110
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
126427
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:27 GMT
vglnk.js
cdn.viglink.com/api/ 		81 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.viglink.com/api/vglnk.js
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:a40d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
73073ed7160406dcfbe826dcabd7ec807cf2aa72afe0303424f518767120cf2e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
cf-cache-status
HIT
age
1100379
cf-ray
6be231fe6eae3760-MXP
content-length
28567
x-amz-id-2
aE7PvAIeQ0zxZbpQNDY93wAUgro0nVM3D0X4bKxEMQoClGM1QZ22oWgir5qBrV2MYs8WOTksdJc=
last-modified
Wed, 02 Dec 2020 18:57:12 GMT
server
cloudflare
etag
"072eaf64a771815874455704fca9301b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-request-id
S1MA6HTFHH5AAQSS
cache-control
public, max-age=604800
accept-ranges
bytes
content-type
text/javascript
expires
Wed, 22 Dec 2021 19:49:27 GMT
asid
recs.shareaholic.com/ 		99 B
308 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://recs.shareaholic.com/asid?location=https%3A%2F%2Faiupnow.com&api_key=e68e51f46304cc485d7732b4cf6276c7
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.86.62.20 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-86-62-20.compute-1.amazonaws.com
Software
/
Resource Hash
e304631621145d56c08c2de36d8486df1f727334c806565feff694fd19698bb9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin
https://www.aiupnow.com
date
Wed, 15 Dec 2021 19:49:27 GMT
access-control-allow-credentials
true
content-type
application/json
content-length
99
vary
Origin, Accept-Encoding, User-Agent
access-control-expose-headers
X-Client-Auth
logo.svg
m9m6e2w5.stackpathcdn.com/v2/images_0ecbeeff/badge/ 		743 B
599 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/images_0ecbeeff/badge/logo.svg
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
90fadc153cb3202eb4e63fa7f561f19d28ba6b66e1a91a57813c66c3032d54d9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 15:47:10 GMT
server
nginx
x-amz-request-id
SPDJ024VJGG2SW33
etag
"83eda2388bc041d5d753201754724793"
x-hw
1639597767.cds101.fr8.hn,1639597767.cds154.fr8.c
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
360
x-amz-id-2
u1pmQYGYx+BEROWSOiGI89Vvg0WG5J2ycZg3tRuOno12H0ML/yIqiqurnrat9x1Q1GO+2di04ik=
nth.png
3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
f4b70c4cd11d64db7c587fa68ed12651b684fe2e78a9a9d46812f89beb496acb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer

Response headers

date
Wed, 15 Dec 2021 19:01:55 GMT
x-content-type-options
nosniff
age
2851
content-disposition
inline;filename="nth.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3362
x-xss-protection
0
server
fife
etag
"vb88"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 16 Dec 2021 15:00:37 GMT
nth.png
3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
f4b70c4cd11d64db7c587fa68ed12651b684fe2e78a9a9d46812f89beb496acb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer

Response headers

date
Wed, 15 Dec 2021 19:01:55 GMT
x-content-type-options
nosniff
age
2851
content-disposition
inline;filename="nth.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3362
x-xss-protection
0
server
fife
etag
"vb88"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 16 Dec 2021 15:00:37 GMT
nth.png
3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
f4b70c4cd11d64db7c587fa68ed12651b684fe2e78a9a9d46812f89beb496acb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer

Response headers

date
Wed, 15 Dec 2021 19:01:55 GMT
x-content-type-options
nosniff
age
2851
content-disposition
inline;filename="nth.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3362
x-xss-protection
0
server
fife
etag
"vb88"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 16 Dec 2021 15:00:37 GMT
nth.png
1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/nth.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
6ca0ba132e317aa25845976719aecc3fbc11dfbe15c1ca37809b1d0d39bcf8c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer

Response headers

date
Wed, 15 Dec 2021 16:03:13 GMT
x-content-type-options
nosniff
age
13574
content-disposition
inline;filename="nth.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1439
x-xss-protection
0
server
fife
etag
"v74b"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 05 Oct 2021 18:04:54 GMT
nth.png
1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/nth.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
6ca0ba132e317aa25845976719aecc3fbc11dfbe15c1ca37809b1d0d39bcf8c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer

Response headers

date
Wed, 15 Dec 2021 16:03:13 GMT
x-content-type-options
nosniff
age
13574
content-disposition
inline;filename="nth.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1439
x-xss-protection
0
server
fife
etag
"v74b"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 05 Oct 2021 18:04:54 GMT
nth.png
1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/nth.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
6ca0ba132e317aa25845976719aecc3fbc11dfbe15c1ca37809b1d0d39bcf8c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer

Response headers

date
Wed, 15 Dec 2021 16:03:13 GMT
x-content-type-options
nosniff
age
13574
content-disposition
inline;filename="nth.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1439
x-xss-protection
0
server
fife
etag
"v74b"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 05 Oct 2021 18:04:54 GMT
nth.png
3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
f4b70c4cd11d64db7c587fa68ed12651b684fe2e78a9a9d46812f89beb496acb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer

Response headers

date
Wed, 15 Dec 2021 19:01:55 GMT
x-content-type-options
nosniff
age
2851
content-disposition
inline;filename="nth.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3362
x-xss-protection
0
server
fife
etag
"vb88"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 16 Dec 2021 15:00:37 GMT
nth.png
3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
f4b70c4cd11d64db7c587fa68ed12651b684fe2e78a9a9d46812f89beb496acb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer

Response headers

date
Wed, 15 Dec 2021 19:01:55 GMT
x-content-type-options
nosniff
age
2851
content-disposition
inline;filename="nth.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3362
x-xss-protection
0
server
fife
etag
"vb88"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 16 Dec 2021 15:00:37 GMT
nth.png
3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
f4b70c4cd11d64db7c587fa68ed12651b684fe2e78a9a9d46812f89beb496acb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer

Response headers

date
Wed, 15 Dec 2021 19:01:55 GMT
x-content-type-options
nosniff
age
2851
content-disposition
inline;filename="nth.png"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3362
x-xss-protection
0
server
fife
etag
"vb88"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 16 Dec 2021 15:00:37 GMT
share-button-shadow.png
m9m6e2w5.stackpathcdn.com/v2/images_0ecbeeff/share-buttons/ 		405 B
640 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/images_0ecbeeff/share-buttons/share-button-shadow.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
22a6b5ca081c7e993a6de605757cb5da85573221300021627663e89fb6950b18

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 15:47:10 GMT
server
nginx
x-amz-request-id
XKBKB1A1MDJ255YA
etag
"eb8d7f99f86c638ac8e68c8e4014cbd3"
x-hw
1639597767.cds101.fr8.hn,1639597767.cds243.fr8.c
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
428
x-amz-id-2
MYcd7n+myKbK2WUua0SBx2hoDquGyFnieY4X92SpJjYozv0MwZB9BoKfANJCHPcIZsig8E8/YoU=
shareaholic-icons.woff
m9m6e2w5.stackpathcdn.com/v2/fonts_0ecbeeff/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/fonts_0ecbeeff/shareaholic-icons.woff
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
21e444926ee2b1297a9888fe081f196a640763626243aa07b80ff171049e7a8c

Request headers

Referer
https://www.aiupnow.com/
Origin
https://www.aiupnow.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
x-amz-request-id
G0NXFXTFZT4186JC
access-control-allow-methods
GET, HEAD, PUT, POST, DELETE
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
content-length
20572
x-amz-id-2
bh9n9Nzzckm4+J6p4sZyrGFd/PXllj9vwezB0W3ZMqoq/wgQeRyIK2mHIucfrFdM5DaiF6vaCxk=
last-modified
Wed, 15 Dec 2021 15:47:10 GMT
server
nginx
etag
"0e26e8e2b7a79ff2a9e9fe9ef5382e6d"
access-control-max-age
2000
x-hw
1639597767.cds060.lo4.hn,1639597767.cds030.lo4.c
content-type
font/woff
access-control-allow-origin
*
access-control-expose-headers
ETag, Access-Control-Allow-Origin
cache-control
max-age=31536000, public
accept-ranges
bytes
truncated
/ 		492 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4299f2aaa46eea61cff7da0f945e26cf0ace8a35ea912182e7df2a9958db8e10

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
JQb9M84BqIm.css
www.facebook.com/rsrc.php/v3/yN/l/0,cross/ Frame 2DC3 		19 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/rsrc.php/v3/yN/l/0,cross/JQb9M84BqIm.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5257f6397ef05fa34f2658be967345dac7937800cdf382bd8635e31384296191
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Origin
https://www.facebook.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 15:44:06 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
R4Tr9HQCAgXf/SarMAA6/w==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
content-length
4856
x-fb-rlafr
0
x-fb-debug
P+juPI3KxnSuOottrnufTkh2xHJLjlKBTojLBEvDyWw3MJbWGUs4jJKwulkMlB9nv8BA1fRznNvGD/hiz0utRw==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 15 Dec 2022 15:44:06 GMT
FPdNN1TK3wJ.css
www.facebook.com/rsrc.php/v3/yF/l/0,cross/ Frame 2DC3 		2 KB
869 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/rsrc.php/v3/yF/l/0,cross/FPdNN1TK3wJ.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
a33a18d3ade364ae94fdc88f786c869ff8b45cae9bf98f2e2a16dd1459d98cdc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Origin
https://www.facebook.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 13 Dec 2021 21:52:20 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
qki4Wy05mlz5CwH9oqDKag==
document-policy
force-load-at-top
content-security-policy-report-only
default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
content-length
815
x-fb-rlafr
0
x-fb-debug
WPxpuVQfWnniaqZNuD7ixqEmqAmmbfP3OzHEY4TzgIoGJQQQoiRbh480H4gAw5aT99y5RbBF8cCaK1RYugxbMA==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Tue, 13 Dec 2022 21:52:20 GMT
kaKvCk5Vlf1.js
www.facebook.com/rsrc.php/v3/yR/r/ Frame 2DC3 		307 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/rsrc.php/v3/yR/r/kaKvCk5Vlf1.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5858f70f9aa16869be79deb4ca3b7b2aeae629c4a039c134edf88c12f6ae346e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Origin
https://www.facebook.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 22:45:10 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
YO0L2X707W1WNFna6mxuNw==
document-policy
force-load-at-top
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
content-length
84462
x-fb-rlafr
0
x-fb-debug
NTANtEsBOpJw+ctyA2oA8kUvSD/KIyunTDyBlTzphEBAs/Ss9i7cz205wyiAKnvE0LLjZB1jwz9ZzJKq3UmrMA==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 14 Dec 2022 22:45:10 GMT
4-JkjOZ9L9l.js
www.facebook.com/rsrc.php/v3/yP/r/ Frame 2DC3 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/rsrc.php/v3/yP/r/4-JkjOZ9L9l.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
a538cf51f63c0d439f2e1a0920a0b33b9da788d56ab2b30a13713f4f7d3e9469
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Origin
https://www.facebook.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 13 Dec 2021 15:32:01 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
ynieSNib45Es0Lxgob131g==
document-policy
force-load-at-top
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
content-length
1730
x-fb-rlafr
0
x-fb-debug
F48cIWr6CxSWTsm0j3zdmO5IWi8UTpmevu3cuIFsarWOmrtlhhwwRHoigCEsS65loYAZxs4CfkWEhrWBCJtDdA==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Tue, 13 Dec 2022 15:32:01 GMT
p2E3jxcIv6_.js
www.facebook.com/rsrc.php/v3/yM/r/ Frame 2DC3 		62 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/rsrc.php/v3/yM/r/p2E3jxcIv6_.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
8e19ca409ec003a31ada59e7dfd29dcef025cafe3ed8465defdcca836a78bcf2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Origin
https://www.facebook.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 11 Dec 2021 15:52:34 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
0sinC4hT2UkcGx1V73x3fw==
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cross-origin-resource-policy
cross-origin
content-length
19784
x-fb-rlafr
0
x-fb-debug
wqURfYVM2ripKlIRMm2dlfKbazJkQLr4ScNtHF0pY0uOagaBUX2p0em9kTBwQxFO+aLKetYXc/CeekuhI6ivdQ==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Sun, 11 Dec 2022 15:52:34 GMT
jJp15MD1GtF.js
www.facebook.com/rsrc.php/v3iAxA4/yZ/l/de_DE/ Frame 2DC3 		128 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/rsrc.php/v3iAxA4/yZ/l/de_DE/jJp15MD1GtF.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ec5bd2dda6ef160c59fb45abdf3fb9b7352e73bba600f27bb7555f1ad702f873
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Origin
https://www.facebook.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 02:30:36 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
MYfbTSsCa+nx08yic0DKTw==
document-policy
force-load-at-top
content-security-policy-report-only
default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
content-length
36479
x-fb-rlafr
0
x-fb-debug
KJ2hwW+908ML8DgrQiuuACX2Ow+NnBU3HS0Odvxpu1xLnbN7hacEkAK9aw+JlX4Pt5nIaeIw5SlDOVDUInSCFg==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 14 Dec 2022 02:30:36 GMT
68311313_986513108408646_1873387064326619136_n.png
scontent.xx.fbcdn.net/v/t1.6435-9/p130x130/ Frame 2DC3 		59 KB
59 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://scontent.xx.fbcdn.net/v/t1.6435-9/p130x130/68311313_986513108408646_1873387064326619136_n.png?_nc_cat=107&ccb=1-5&_nc_sid=dd9801&_nc_ohc=5xgLbhgoF9sAX9iiLvz&_nc_ht=scontent.xx&edm=ADwHzz8EAAAA&oh=00_AT-Rge353qNorbr9yOTdxtlvJJspFywn8YzPsBokr7Zxeg&oe=61DEA207
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e78e46931859effb952e79bee79ca485c6d0081f6be2531dfba0ce6c21a08c14

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-haystack-needlechecksum
2857584518
date
Wed, 15 Dec 2021 19:49:27 GMT
x-fb-trip-id
2074150462
last-modified
Sat, 03 Aug 2019 04:20:00 GMT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-FB-CEC-Video-Limit
cache-control
max-age=1209600, no-transform
cross-origin-resource-policy
cross-origin
x-needle-checksum
3570500389
timing-allow-origin
*
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
60631
67983652_986513518408605_4632540167708606464_n.jpg
scontent.xx.fbcdn.net/v/t1.6435-1/cp0/p50x50/ Frame 2DC3 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://scontent.xx.fbcdn.net/v/t1.6435-1/cp0/p50x50/67983652_986513518408605_4632540167708606464_n.jpg?_nc_cat=110&ccb=1-5&_nc_sid=dbb9e7&_nc_ohc=ujhgtEjIzdgAX8DmnQD&_nc_ht=scontent.xx&edm=ADwHzz8EAAAA&oh=00_AT_uRxeyzwa7VvJBlOTOvhtqGG4hPuT7RI7hShtlRne4wg&oe=61DE41B7
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
316cff920acbd735efbd245094b3472c994affc566c3437ea8eb20c57a4a9e5a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-haystack-needlechecksum
2309778449
date
Wed, 15 Dec 2021 19:49:27 GMT
x-fb-trip-id
2074150462
last-modified
Sat, 03 Aug 2019 04:21:08 GMT
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
X-FB-CEC-Video-Limit
cache-control
max-age=1209600, no-transform
cross-origin-resource-policy
cross-origin
x-needle-checksum
1181508415
timing-allow-origin
*
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1688
doq.htm
rt3054.infolinks.com/action/ 		892 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://rt3054.infolinks.com/action/doq.htm?pcode=utf-8&r=16395977673831
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.42.247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
760a701e314fcc16740c761819e8fd6cb4186c68378da8d3271df6a601f2c090

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
p3p
CP="NON DSP NID OUR COR"
content-type
text/html;charset=UTF-8
x-application-context
application:prod
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-language
de-DE
access-control-allow-origin
https://www.aiupnow.com
cache-control
no-cache,no-store
access-control-allow-credentials
true
cf-ray
6be231febcfb35fb-MAN
expires
Thu, 01 Jan 1970 00:00:00 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ Frame 6C86 		125 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed_v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c92084dec60847faa5d1719a8b8c238bf82f3f1ca97a8474acd3c67e3aed419
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 12 Dec 2021 22:38:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
249070
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41862
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Mon, 12 Dec 2022 22:38:17 GMT
ab6761610000e5eb98dc0774392df9f6b5fc1b46
i.scdn.co/image/ Frame 1C4D 		42 KB
43 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.scdn.co/image/ab6761610000e5eb98dc0774392df9f6b5fc1b46
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b71079af3ec36279d0386b3b1498fa09d315d859221fa026027c4175ca3c7f0f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:27 GMT
Last-Modified
Fri, 02 Jul 2021 00:15:12 GMT
Age
649442
ETag
"1f5a157460acdc751052c30ff0e26f3d"
X-Served-By
cache-ord1737-ORD, cache-hhn11564-HHN
X-Cache
HIT, HIT
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
43112
X-Cache-Hits
1, 1
sprite@1.0435c9db.png
open.scdn.co/cdn/images/follow/ Frame 1C4D 		576 B
1016 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://open.scdn.co/cdn/images/follow/sprite@1.0435c9db.png
Requested by
Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/follow/follow.0a706f0e.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8306b110649100e1a82a22573136f9208f5ceb738bb508a7d2fbad3b66bed7aa

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://open.scdn.co/cdn/build/follow/follow.0a706f0e.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:27 GMT
Last-Modified
Mon, 22 Nov 2021 10:37:26 GMT
Age
2016392
ETag
"be80ee12621c68563801dfc8ad5381d6"
X-Served-By
cache-ord1740-ORD, cache-hhn11579-HHN
X-Cache
HIT, HIT
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
576
X-Cache-Hits
1, 809
recommendations.10022a97346f1c6e3798931bbd8e4bb5.css
c.disquscdn.com/next/recommendations/styles/ 		0
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/styles/recommendations.10022a97346f1c6e3798931bbd8e4bb5.css
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/recommendations.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:7a00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 18 Oct 2021 21:23:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5005562
x-cache
Hit from cloudfront
content-length
2978
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 18 Oct 2021 21:05:37 GMT
server
nginx
etag
"616de1a1-ba2"
content-type
text/css; charset=utf-8
via
1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
expires
Tue, 18 Oct 2022 21:23:25 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
JNCvoa-ktT4Xk5od4cs4DzwDj42y7THOmYCQF44kiPoCj0GDtnAZsQ==
x-cache-hits
0
common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
c.disquscdn.com/next/recommendations/ 		0
87 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/recommendations.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:7a00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 18 Oct 2021 21:23:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5005562
x-cache
Hit from cloudfront
content-length
88862
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 18 Oct 2021 21:05:37 GMT
server
nginx
etag
"616de1a1-15b1e"
content-type
application/javascript; charset=utf-8
via
1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
expires
Tue, 18 Oct 2022 21:23:25 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
Q5UgkmeT3iB_0iF_oKehDU1e4w33NNUNTnT00VMNTRhYKcfLVX5e6w==
x-cache-hits
0
recommendations.bundle.926bc472e4859a48daa346b4ba2ab4f4.js
c.disquscdn.com/next/recommendations/ 		0
20 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/recommendations.bundle.926bc472e4859a48daa346b4ba2ab4f4.js
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/recommendations.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:7a00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 20:25:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5613824
x-cache
Hit from cloudfront
content-length
20244
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 11 Oct 2021 20:15:56 GMT
server
nginx
etag
"61649b7c-4f14"
content-type
application/javascript; charset=utf-8
via
1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
expires
Tue, 11 Oct 2022 20:25:43 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
2B6AYTLYKVAjqoX20fmceXnDzrTD-Kxn7ebuIHBn6ixhjApJSY0_eA==
x-cache-hits
0
default
www.aiupnow.com/feeds/posts/ 		67 KB
21 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.aiupnow.com/feeds/posts/default?alt=json-in-script&start-index=19&max-results=1&callback=jQuery111007687505175406069_1639597766411&_=1639597766415
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
blogger-renderd /
Resource Hash
4a7577bcebc8c53f84719aaea16c5a3d51aefba1680376c1a90c2ca217acd34c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 15 Dec 2021 15:04:59 GMT
server
blogger-renderd
etag
W/"448d9f7ddf0e26be86e84dfbe27e37f1420f4d4a9f9d3bf2ef521b712b292793"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, must-revalidate, proxy-revalidate, max-age=1
cross-origin-resource-policy
cross-origin
content-length
21805
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:28 GMT
shares.json
api.bufferapp.com/1/links/ 		66 B
410 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api.bufferapp.com/1/links/shares.json?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&callback=JSONP_7341
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/sharebuttons.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.139.31 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
60f2fd5d630ad85fde9f4faf9714bdf5dfe10ec76ae260427913ad24e7cb8206
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
public, max-age=43200
cf-ray
6be231ff5a10360d-MAN
etag
W/"42-AsuxPa0uyjKW1a/pq4rfpXrG7vc"
expires
Thu, 16 Dec 2021 07:49:27 GMT
dk
connect.ok.ru/ 		11 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://connect.ok.ru/dk?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&tp=json&ref=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&st.cmd=extLike
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.20.152.207 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),
Reverse DNS
ip207.152.odnoklassniki.ru
Software
apache /
Resource Hash
618de7d9f46f3f697d827a1b6d84974760d5deda62e4e592adaa3c646602a94c
Security Headers
Name Value
Content-Security-Policy default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com blob:; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com; worker-src blob: 'self'; connect-src * wss: blob:; font-src * data: blob:; frame-src * blob: 'self'; img-src * data: blob: about:; media-src * data: blob:; object-src *; report-uri /csp/report;
Strict-Transport-Security max-age=63072000;includeSubdomains;preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
br
vary
Accept-Encoding
rendered-blocks
WidgetExtLike
content-security-policy-report-only
default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always;
x-xss-protection
1; mode=block
pragma
no-cache
server
apache
strict-transport-security
max-age=63072000;includeSubdomains;preload
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store
access-control-allow-credentials
true
content-security-policy
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com blob:; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com; worker-src blob: 'self'; connect-src * wss: blob:; font-src * data: blob:; frame-src * blob: 'self'; img-src * data: blob: about:; media-src * data: blob:; object-src *; report-uri /csp/report;
x-content-type-options
nosniff
expires
Mon, 26 Jul 1997 05:00:00 GMT
count.json
api.pinterest.com/v1/urls/ 		103 B
415 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api.pinterest.com/v1/urls/count.json?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&callback=JSONP_7464
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/sharebuttons.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.30.24.193 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-24-193.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4c58ea67ac5e2c7b16dedb37ca5e494406cc0ff89130b6566db266b86aed81c3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
x-content-type-options
nosniff
x-cdn
akamai
akamai-grn
0.cc247e68.1639597767.2bbb2c2
content-type
application/javascript
access-control-allow-origin
*
pinterest-generated-by
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
x-pinterest-rid
6379397007476789
content-length
103
expires
Wed, 15 Dec 2021 20:04:27 GMT
button_info.json
www.reddit.com/ 		120 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.reddit.com/button_info.json?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
0cfd01f61f14eb6d881159ad18587bb4501c97ae7db9bbc9c5dd04a35362cb03
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ratelimit-used
1
via
1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-length
120
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
x-moose
majestic
x-clacks-overhead
GNU Terry Pratchett
server
snooserv
x-frame-options
SAMEORIGIN
date
Wed, 15 Dec 2021 19:49:27 GMT
x-ratelimit-remaining
299
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
X-Moose
cache-control
private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ratelimit-reset
33
accept-ranges
bytes
expires
-1
stats
api.tumblr.com/v2/share/ 		142 B
392 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.tumblr.com/v2/share/stats?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.40 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
assets.tumblr.com
Software
nginx /
Resource Hash
92a52c85d6e732cc7b34a65f9317ef052b15c2f2b58c9fc7f0ef939c7e3ba248
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding, Accept-Encoding
p3p
CP="Tumblr's privacy policy is available here: https://www.tumblr.com/policy/en/privacy"
access-control-allow-origin
https://www.aiupnow.com
x-rid
7b7b9f25bda622810766958d105c2d8d
strict-transport-security
max-age=31536000; preload
accept-ranges
bytes
content-type
application/json; charset=utf-8
content-length
136
share.php
vk.com/ 		24 B
482 B 		Script
General
Check archive.org
Download Go to
Full URL
https://vk.com/share.php?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&act=count&index=8531&callback=JSONP_7114
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/sharebuttons.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
87.240.190.72 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS vk.com, RU),
Reverse DNS
srv72-190-240-87.vk.com
Software
kittenx / KPHP/7.4.109642
Resource Hash
939a20090f5d34d32c51d8128bc3a0dcb9adbef28cbbd7d3d732f333898dd044
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
x-frontend
front224207
server
kittenx
x-powered-by
KPHP/7.4.109642
strict-transport-security
max-age=15768000
content-type
text/html; charset=windows-1251
access-control-expose-headers
X-Frontend
cache-control
no-store
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
44
yum-count
www.yummly.com/services/ 		11 B
724 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.yummly.com/services/yum-count?url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/cde9788c/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1a47 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
618de7d9f46f3f697d827a1b6d84974760d5deda62e4e592adaa3c646602a94c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
vary
Accept-Encoding
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
11
last-modified
Wed, 15 Dec 2021 19:49:27 GMT
server
cloudflare
x-yummly-req-id
4dd04457-140d-42a4-9103-1904fdd7fb90
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
86400
access-control-allow-methods
GET, OPTIONS
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.aiupnow.com
cache-control
private
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
6be231ff589a6964-FRA
access-control-allow-headers
DNT,User-Agent,Cache-Control,Content-Type,X-Yummly-Auth-Token,Accept,Authorization,If-Match,If-None-Match,If-Modified-Since,If-Unmodified-Since,X-Yummly-App-Id,X-Yummly-App-Key,X-Visitor,X-Yummly-Type,X-Forwarded-For,X-Yummly-Locale,X-Yummly-Domain,X-Yummly-Timeout-Millis
/
o22381.ingest.sentry.io/api/1282937/envelope/ Frame 1C4D 		2 B
245 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o22381.ingest.sentry.io/api/1282937/envelope/?sentry_key=f70d4f661ef54b5fb9de10b5bb21e376&sentry_version=7
Requested by
Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/follow/vendor~follow.ef331d43.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://open.spotify.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
via
1.1 google
server
nginx
vary
Origin
content-type
application/json
access-control-allow-origin
https://open.spotify.com
access-control-expose-headers
x-sentry-error, x-sentry-rate-limits, retry-after
x-envoy-upstream-service-time
0
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
clear
content-length
2
/
de.tynt.com/deb/ Frame DE04 		75 B
289 B 		Document
General
Check archive.org
Download Go to
Full URL
https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.32 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip32.67-202-105.static.steadfastdns.net
Software
/
Resource Hash
e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/

Response headers

cache-control
max-age=86400
expires
Thu, 16 Dec 2021 19:49:27 GMT
referrer-policy
unsafe-url
content-type
text/html
content-length
75
date
Wed, 15 Dec 2021 19:49:27 GMT
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
usermatch
ssum-sec.casalemedia.com/ Frame 300C
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a44fcdf2a2b8b40527c7d52acd853b355152737e0a453026205c90b404206ac6

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
241|39|230|45|196|47|64|41
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Content-Length
1622
Expires
Wed, 15 Dec 2021 19:49:27 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:27 GMT
Connection
keep-alive

Redirect headers

Server
Apache
Content-Length
311
Content-Type
text/html; charset=iso-8859-1
Location
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires
Wed, 15 Dec 2021 19:49:27 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:27 GMT
Connection
keep-alive
/
onetag-sys.com/usync/ Frame FA27 		2 KB
814 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
strict-transport-security
max-age=15552000
pbm-usync
router.infolinks.com/dyn/ Frame 4101
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
  • https://image4.pubmatic.com/AdServer/SPug?p=156872&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fpbm-usync%3Fuid%3DDB27BCFB-049B-4C7D-880C-0FAA4FF40F37
  • https://router.infolinks.com/dyn/pbm-usync?uid=DB27BCFB-049B-4C7D-880C-0FAA4FF40F37
0
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/pbm-usync?uid=DB27BCFB-049B-4C7D-880C-0FAA4FF40F37
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:28 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
text/html;charset=UTF-8
cache-control
no-store, no-cache, private
cf-ray
6be232032dfd3628-MAN
content-length
0
expires
Tue, 15 Dec 2020 19:49:28 GMT

Redirect headers

location
https://router.infolinks.com/dyn/pbm-usync?uid=DB27BCFB-049B-4C7D-880C-0FAA4FF40F37
date
Wed, 15 Dec 2021 19:49:26 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
apn-usync
router.infolinks.com/dyn/ Frame 4101
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID
  • https://router.infolinks.com/dyn/apn-usync?user_id=4698782594569488495
35 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/apn-usync?user_id=4698782594569488495
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:28 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be232019b3e3628-MAN
content-length
35
expires
Tue, 15 Dec 2020 19:49:28 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:27 GMT
X-Proxy-Origin
194.36.108.22; 194.36.108.22; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
c67e8df1-7486-474f-aded-9391b716c72f
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://router.infolinks.com/dyn/apn-usync?user_id=4698782594569488495
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cm
u.openx.net/w/1.0/ Frame 4101 		43 B
306 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u.openx.net/w/1.0/cm?id=9b5994f2-035d-46de-8c12-bc0e9a4e66c2&r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fox-usync%3Fuid%3D
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.221.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
server
OXGW/16.221.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
via
1.1 google
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT
VR-usync
router.infolinks.com/dyn/ Frame 4101
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58422/occ
  • https://ups.analytics.yahoo.com/ups/58422/occ?verify=true
  • https://router.infolinks.com/dyn/VR-usync?uid=y-DF03DjZE2uFq6CQ3Cx4PgTZLKm8CFmUAzrgjUUw-~A
35 B
289 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/VR-usync?uid=y-DF03DjZE2uFq6CQ3Cx4PgTZLKm8CFmUAzrgjUUw-~A
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:28 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be232017b1b3628-MAN
content-length
35
expires
Tue, 15 Dec 2020 19:49:27 GMT

Redirect headers

location
https://router.infolinks.com/dyn/VR-usync?uid=y-DF03DjZE2uFq6CQ3Cx4PgTZLKm8CFmUAzrgjUUw-~A
date
Wed, 15 Dec 2021 19:49:27 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
r1-usync
router.infolinks.com/dyn/ Frame 4101
Redirect Chain
  • https://sync.1rx.io/usersync2/infolinks
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3778081612
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3778081612
  • https://sync.1rx.io/usersync/tradedesk/943e32d1-329a-459e-9174-6c314397aa75
  • https://sync.targeting.unrulymedia.com/csync/RX-4ae237c3-3670-48ad-9645-58db8dee2626-003?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fr1-usync%3Fuid%3DRX-4ae237c3-3670-48ad-9645-58db8dee2626-003
  • https://router.infolinks.com/dyn/r1-usync?uid=RX-4ae237c3-3670-48ad-9645-58db8dee2626-003
35 B
223 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/r1-usync?uid=RX-4ae237c3-3670-48ad-9645-58db8dee2626-003
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:28 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be23206dcc13628-MAN
content-length
35
expires
Tue, 15 Dec 2020 19:49:28 GMT

Redirect headers

location
https://router.infolinks.com/dyn/r1-usync?uid=RX-4ae237c3-3670-48ad-9645-58db8dee2626-003
date
Wed, 15 Dec 2021 19:49:28 GMT
server
Tengine
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RX4ae237c3367048ad964558db8dee2626003
content-type
text/html
zmn-usync
router.infolinks.com/dyn/ Frame 4101
Redirect Chain
  • https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__
  • https://router.infolinks.com/dyn/zmn-usync?uid=
35 B
90 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/zmn-usync?uid=
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:28 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store
cf-ray
6be23202acd23628-MAN
content-length
35

Redirect headers

Location
https://router.infolinks.com/dyn/zmn-usync?uid=
Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:27 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
70
Content-Type
text/html; charset=utf-8
us
sync.go.sonobi.com/ Frame 4101 		0
478 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/us?loc=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsonobi-usync%3Fuid%3D%5BUID%5D
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:27 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
ca.png
s.cpx.to/ Frame 4101
Redirect Chain
  • https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fwww.aiupnow.com%252F2021%252F12%252Fhackers-using-malicious-iis-server.html&pid=12306&adnxs_uid=$UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fwww.aiupnow.com%25252F2021%25252F12%25252Fhackers-using-malicious-iis-server.html%26pid%3D1...
  • https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&pid=12306&adnxs_uid=4698782594569488495
95 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&pid=12306&adnxs_uid=4698782594569488495
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Server
52.19.63.112 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-19-63-112.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache, no-cache
Content-Security-Policy
default-src 'self'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Wed, 15 Dec 2021 19:49:31 GMT
X-Frame-Options
sameorigin
Connection
keep-alive
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0, no-store, must-revalidate, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/png
Content-Length
95
Expires
Wed, 15 Dec 2021 19:49:31 UTC

Redirect headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:27 GMT
X-Proxy-Origin
194.36.108.22; 194.36.108.22; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
9134434c-3a6d-4e2c-8a4c-f7f4ff85a2f9
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&pid=12306&adnxs_uid=4698782594569488495
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
dsp.adkernel.com/ Frame 4101 		42 B
233 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsp.adkernel.com/sync?exchange=202&r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fearn-usync%3Fuid%3D%7BUID%7D
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:27 GMT
Server
nginx
Age
0
Content-Type
image/gif
Cache-Control
no-store
Connection
keep-alive
Content-Length
42
outh-usync
router.infolinks.com/dyn/ Frame 4101
Redirect Chain
  • https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true
  • https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true
  • https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP1ca20380-5de0-11ec-9300-06a1c97fae8c
  • https://router.infolinks.com/dyn/outh-usync?uid=y-JjE8PO9E2uEcCTwca_SrLhbDo0NCSyOS~A~UP1ca20380-5de0-11ec-9300-06a1c97fae8c
35 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/outh-usync?uid=y-JjE8PO9E2uEcCTwca_SrLhbDo0NCSyOS~A~UP1ca20380-5de0-11ec-9300-06a1c97fae8c
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:28 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be23201eba73628-MAN
content-length
35
expires
Tue, 15 Dec 2020 19:49:28 GMT

Redirect headers

location
https://router.infolinks.com/dyn/outh-usync?uid=y-JjE8PO9E2uEcCTwca_SrLhbDo0NCSyOS~A~UP1ca20380-5de0-11ec-9300-06a1c97fae8c
date
Wed, 15 Dec 2021 19:49:27 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
usersync
match.bnmla.com/ Frame 4101 		0
114 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.bnmla.com/usersync?sspid=1000361&redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fenbd-usync%3Fuid%3D%5BUUID%5D
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
38.27.122.158 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:27 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
sovrn-usync
router.infolinks.com/dyn/ Frame 4101
Redirect Chain
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID&sovrn_retry=true
  • https://router.infolinks.com/dyn/sovrn-usync?uid=80e385a2cd395028e7ada327
35 B
193 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/sovrn-usync?uid=80e385a2cd395028e7ada327
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:28 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be23201db933628-MAN
content-length
35
expires
Tue, 15 Dec 2020 19:49:28 GMT

Redirect headers

Date
Wed, 15 Dec 2021 19:49:27 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://router.infolinks.com/dyn/sovrn-usync?uid=80e385a2cd395028e7ada327
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap2ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
usersync
router.infolinks.com/dyn/ Frame 4101
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolink...
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=REIyN0JDRkItMDQ5Qi00QzdELTg4MEMtMEZBQTRGRjQwRjM3&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3DDB27BCFB-049B-4C7D-880C-0FAA4FF40F37
  • https://router.infolinks.com/dyn/usersync?pmuservalue=DB27BCFB-049B-4C7D-880C-0FAA4FF40F37
0
158 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/usersync?pmuservalue=DB27BCFB-049B-4C7D-880C-0FAA4FF40F37
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:28 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
cache-control
no-store
cf-ray
6be2320488b53628-MAN
content-length
0

Redirect headers

location
https://router.infolinks.com/dyn/usersync?pmuservalue=DB27BCFB-049B-4C7D-880C-0FAA4FF40F37
date
Wed, 15 Dec 2021 19:49:26 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
zeta-usync
router.infolinks.com/dyn/ Frame 4101
Redirect Chain
  • https://p.rfihub.com/cm?pub=43153&in=1
  • https://router.infolinks.com/dyn/zeta-usync?uid=2810316550540409308
35 B
267 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/zeta-usync?uid=2810316550540409308
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:28 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be23204482c3628-MAN
content-length
35
expires
Tue, 15 Dec 2020 19:49:28 GMT

Redirect headers

Location
https://router.infolinks.com/dyn/zeta-usync?uid=2810316550540409308
Date
Wed, 15 Dec 2021 19:49:28 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
/
ssc-cms.33across.com/ps/ Frame 4101 		0
72 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssc-cms.33across.com/ps/?ri=0010b00002CpYhEAAV&ru=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2F33a-usync%3Fuid%3D33XUSERID33X
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip24.67-202-105.static.steadfastdns.net
Software
33XP004 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-33x-status
2000208
date
Wed, 15 Dec 2021 19:49:28 GMT
server
33XP004
iq-usync
router.infolinks.com/dyn/ Frame 4101 		0
35 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/iq-usync
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://router.infolinks.com/usync/manage?pid=3169767&wsid=0&pdom=www.aiupnow.com&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:28 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control
no-store
cf-ray
6be232025c673628-MAN
content-length
0
3087399934-postmessagerelay.js
ssl.gstatic.com/accounts/o/ Frame DBFC 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ssl.gstatic.com/accounts/o/3087399934-postmessagerelay.js
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.aiupnow.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3f95544529bf5a220675a5144deef8a36863d63b94d13b5408341bbd3229691f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 10:36:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
33183
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4296
x-xss-protection
0
last-modified
Tue, 07 Dec 2021 03:14:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="federated-signon-mpm-access"
vary
Accept-Encoding
report-to
{"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 10:36:24 GMT
rpc:shindig_random.js
apis.google.com/js/ Frame DBFC 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/rpc:shindig_random.js?onload=init
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fwww.aiupnow.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
dc10eb4c3193b2a9e85d3e011075c703c98d79e86dee2c8647311db2f1dfeb4b
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-ufFKH+1zIoH4xhzuMmdxhg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
etag
"3fc975e12af4bcde7e44fdb36bca1117"
x-frame-options
SAMEORIGIN
report-to
{"group":"ATmXEA_dQVrlv86pC8WOEb5fgi9oommJCGyT6zaijoPCHQfA","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_dQVrlv86pC8WOEb5fgi9oommJCGyT6zaijoPCHQfA"}]}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-ufFKH+1zIoH4xhzuMmdxhg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ATmXEA_dQVrlv86pC8WOEb5fgi9oommJCGyT6zaijoPCHQfA"
expires
Wed, 15 Dec 2021 19:49:27 GMT
css
fonts.googleapis.com/ Frame 111B 		3 KB
579 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766449&bpp=1&bdt=171&idt=202&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yrheaW2R69&p=https%3A//www.aiupnow.com&dtd=209
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 18:15:46 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 15 Dec 2021 19:49:27 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 15 Dec 2021 19:49:27 GMT
vendor-list.json
vendorlist.dmcdn.net/v2/ Frame 9407 		297 KB
38 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vendorlist.dmcdn.net/v2/vendor-list.json
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~theme_neon.03d60d604f7a509d0f7f.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
AmazonS3 /
Resource Hash
72a24849a385cc8c2e75bcd6a6cd2530d7d867ee28ae27aa89cd5b48f7403e8f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
puSsJBdY6n1_ReUCeRc.OniLCjzZRUnW
via
1.1 7279057aafa9070c677136c3d9c68913.cloudfront.net (CloudFront)
age
531560
content-encoding
gzip
content-length
38193
last-modified
Thu, 09 Dec 2021 16:05:33 GMT
server
AmazonS3
date
Wed, 15 Dec 2021 19:49:27 GMT
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=604800
x-ip-address
178.79.246.78
x-amz-cf-pop
CDG50-P1
x-amz-cf-id
N2ipq468Oeo7TSB5PTFq9xgDG7XXTYCnQS--43XvcEAK5THbz9_ECQ==
x-llid
067273e009bc48f8352d8e9219cdb205
expires
Thu, 16 Dec 2021 16:10:07 GMT
Retina-Regular.039feafb8e07151a9fa79dd01263f273.woff2
static1.dmcdn.net/playerv5/fonts/ Frame 9407 		36 KB
37 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/fonts/Retina-Regular.039feafb8e07151a9fa79dd01263f273.woff2
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
9f0384a2c4cddef7a95fce9cc026e0901482723d031610c2dc33f23864e8d5c3

Request headers

Referer
https://www.dailymotion.com/
Origin
https://www.dailymotion.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
last-modified
Mon, 06 Dec 2021 16:11:24 GMT
server
DMS/1.0.42
age
788387
etag
"61ae362c-9118"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=2592000
server-timing
total;dur=0, dc;desc="dc3"
accept-ranges
bytes
timing-allow-origin
*
content-length
37144
x-llid
059adf0b44fb78f9671b4ded29523c15
expires
Wed, 05 Jan 2022 16:49:40 GMT
cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame 9407 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.theme_neon.1783142d9b9ad037170c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview"
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 15 Dec 2021 19:49:27 GMT
latencies.js
speedtest.dailymotion.com/ Frame 9407 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://speedtest.dailymotion.com/latencies.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.theme_neon.1783142d9b9ad037170c.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.91 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
st.dc3.dailymotion.com
Software
/
Resource Hash
72b2181e58d5c45800d66d36702794ca5ae5bf1fbc20f106442b7eac3191a623

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:27 GMT
Content-Encoding
gzip
Last-Modified
Thu, 17 Sep 2020 07:44:45 GMT
Content-Type
application/javascript
Cache-Control
max-age=21600, public
Accept-Ranges
bytes
Content-Length
2041
Expires
Thu, 16 Dec 2021 01:49:27 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 58D9 		374 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.theme_neon.1783142d9b9ad037170c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f725f6888d32252c9f3dc55750d168b0f4f00e0ea1f2e877ff46595662a56110
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
126427
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:27 GMT
8xXkV1WypR-WWfVpl
s1.dmcdn.net/w/ Frame 9407 		290 KB
269 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.dmcdn.net/w/8xXkV1WypR-WWfVpl
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/2 /
Resource Hash
fc397a38480b8b76d1e301b62e22c88d11d23b495ab0100f3684fa12a65afb52

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
last-modified
Tue, 14 Dec 2021 18:57:29 GMT
server
DMS/2
age
5111
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=604800
server-timing
total;dur=2, dc;desc="dc3"
timing-allow-origin
*
content-length
274998
x-llid
061e9323de5a5a06e875e8892bfb2626
expires
Wed, 22 Dec 2021 18:24:16 GMT
dmp.controls_seek.f219bca68ed2356bbecc.js
static1.dmcdn.net/playerv5/ Frame 9407 		71 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.controls_seek.f219bca68ed2356bbecc.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.a8563fface00cf3c9b95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
cb060519450cc4982f29f8a767e47c4440e26614975f99ecbf3cec04e0cf9cef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
age
367099
server-timing
total;dur=0, dc;desc="dc3"
content-length
18611
last-modified
Thu, 09 Dec 2021 09:16:30 GMT
server
DMS/1.0.42
etag
"61b1c96e-11def"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
ea6731c34d04a405a0a3cd04a01c1776
expires
Mon, 10 Jan 2022 13:51:08 GMT
dmp.interaction.40fa3cd6349ecc185144.js
static1.dmcdn.net/playerv5/ Frame 9407 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.interaction.40fa3cd6349ecc185144.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.a8563fface00cf3c9b95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
8ca0c44926e7904b379b0abae96e5def8ad7c140d7c68d0ede2f2148e1ad5745

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
age
367104
server-timing
total;dur=0, dc;desc="dc3"
content-length
4757
last-modified
Thu, 09 Dec 2021 09:16:30 GMT
server
DMS/1.0.42
etag
"61b1c96e-3d57"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
6df730720429eb21795843f7c6dbe1ac
expires
Mon, 10 Jan 2022 13:51:03 GMT
/
disqus.com/recommendations/ Frame DAB4 		5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://disqus.com/recommendations/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/recommendations.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
efed9c0be7c7adf375be6a20b399eeb790011c96ec3c3921fa91cc3d0fb7e095
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

Connection
keep-alive
Content-Length
2326
Server
nginx
Content-Type
text/html; charset=utf-8
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Last-Modified
Thu, 09 Sep 2021 15:45:27 GMT
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control
stale-while-revalidate=30, no-cache, must-revalidate, stale-if-error=3600, public
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin
*
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Encoding
gzip
Date
Wed, 15 Dec 2021 19:49:27 GMT
Age
0
Vary
Accept-Encoding
Cross-Origin-Resource-Policy
cross-origin
Strict-Transport-Security
max-age=300; includeSubdomains
/
www.facebook.com/tr/ Frame 8318 		0
20 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
Origin
https://www.aiupnow.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

content-type
text/plain
access-control-allow-origin
https://www.aiupnow.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
date
Wed, 15 Dec 2021 19:49:27 GMT
10725365602667708830
tpc.googlesyndication.com/daca_images/simgad/ Frame 8FA7 		29 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/10725365602667708830
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766616&bpp=1&bdt=338&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3465&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=mJaJBCYa8E&p=https%3A//www.aiupnow.com&dtd=5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
46c1bedebd89ea719e5ffe1c9c2075e2f2be84ef1ab1b7fc16e9464eeedeacfe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 13 Dec 2021 10:21:37 GMT
x-content-type-options
nosniff
age
206870
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29307
x-xss-protection
0
last-modified
Mon, 22 Nov 2021 05:55:27 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 13 Dec 2022 10:21:37 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 8FA7 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766616&bpp=1&bdt=338&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3465&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=mJaJBCYa8E&p=https%3A//www.aiupnow.com&dtd=5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:47:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
92
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:47:55 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 8FA7 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766616&bpp=1&bdt=338&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3465&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=mJaJBCYa8E&p=https%3A//www.aiupnow.com&dtd=5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
229
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:38 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 8FA7 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766616&bpp=1&bdt=338&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3465&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=mJaJBCYa8E&p=https%3A//www.aiupnow.com&dtd=5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 15 Dec 2021 19:49:27 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 8FA7 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766616&bpp=1&bdt=338&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3465&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=mJaJBCYa8E&p=https%3A//www.aiupnow.com&dtd=5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
245
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:22 GMT
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 8FA7 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766616&bpp=1&bdt=338&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3465&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=mJaJBCYa8E&p=https%3A//www.aiupnow.com&dtd=5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2cc36b7e19b912c6d09739d2c3edbbb05a272be96736ae9fb0b0a70c2a331d48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 11:09:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
31216
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11415
x-xss-protection
0
server
cafe
etag
3382072337847676073
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 11:09:11 GMT
lounge.load.9068118211410bc5f67f5bb8d6806cba.js
c.disquscdn.com/next/embed/ Frame C2BF 		958 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/lounge.load.9068118211410bc5f67f5bb8d6806cba.js
Requested by
Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:7a00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
0376879a45be95f1d718c2a90d0b35986973e87d6f4c790b4c7046343464b72a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
Origin
https://disqus.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 23:27:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
678140
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
494
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 07 Dec 2021 22:32:35 GMT
server
nginx
etag
"61afe103-1ee"
content-type
application/javascript; charset=utf-8
via
1.1 882f747f39885162595630c95dd0012d.cloudfront.net (CloudFront)
expires
Wed, 07 Dec 2022 23:27:07 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
IUZBykIpcl2CA43f7hj43lKN7_ov06yXnYK0zNqleM4cYADknYx4rg==
x-cache-hits
0
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 111B 		1 KB
959 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766449&bpp=1&bdt=171&idt=202&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yrheaW2R69&p=https%3A//www.aiupnow.com&dtd=209
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:48:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
54
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
853
x-xss-protection
0
server
cafe
etag
7170004918125193417
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:48:33 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 111B 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766449&bpp=1&bdt=171&idt=202&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yrheaW2R69&p=https%3A//www.aiupnow.com&dtd=209
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:47:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
92
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:47:55 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 111B 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766449&bpp=1&bdt=171&idt=202&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yrheaW2R69&p=https%3A//www.aiupnow.com&dtd=209
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
229
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:38 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 111B 		119 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766449&bpp=1&bdt=171&idt=202&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yrheaW2R69&p=https%3A//www.aiupnow.com&dtd=209
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 15 Dec 2021 19:49:27 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 111B 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766449&bpp=1&bdt=171&idt=202&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yrheaW2R69&p=https%3A//www.aiupnow.com&dtd=209
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
245
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:22 GMT
6d065ef8aad4e53a06604e1059b7b7b3.js
www.gstatic.com/mysidia/ Frame 111B 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766449&bpp=1&bdt=171&idt=202&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yrheaW2R69&p=https%3A//www.aiupnow.com&dtd=209
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 12 Dec 2021 14:47:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
277315
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11408
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 07:52:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Sat, 12 Mar 2022 14:47:32 GMT
bubble.js
resources.infolinks.com/js/1769.027-3.025/ 		156 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.infolinks.com/js/1769.027-3.025/bubble.js
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2093eeb7c8703b51436f09e47b6c107f5dd5068fee50a9ece8dc2f757793ddeb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray
6be232010a6b3628-MAN
date
Wed, 15 Dec 2021 19:49:27 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Sat, 11 Dec 2021 06:26:43 GMT
server
cloudflare
age
3114
etag
W/"27044-5d2d8ec551e5c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
content-encoding
gzip
expires
Fri, 14 Jan 2022 18:57:33 GMT
/
pebed.dm-event.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
604800
Server
edward-ed/2.2.1
Date
Wed, 15 Dec 2021 19:49:27 GMT
Content-Length
0
/
pebed.dm-event.net/ Frame 9407 		15 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

Accept
application/json, text/plain, */*
X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
de-DE,de;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

Date
Wed, 15 Dec 2021 19:49:27 GMT
Server
edward-ed/2.2.1
Access-Control-Max-Age
604800
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length
15
ping
api.viglink.com/api/ 		229 B
677 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.viglink.com/api/ping
Requested by
Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.255.13.78 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-255-13-78.eu-west-1.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
9dc79e8f732d935fa82be7d9cfe21ff9dbf9d7251d077155cc6c401647528d30

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:27 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://www.aiupnow.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
229
Expires
Thu, 01 Jan 1970 00:00:00 GMT
1
mc.yandex.com/watch/53791720/
Redirect Chain
  • https://mc.yandex.com/watch/53791720?wmode=7&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&page-ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&charset=utf-8&brow...
  • https://mc.yandex.com/watch/53791720/1?wmode=7&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&page-ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&charset=utf-8&br...
385 B
539 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/watch/53791720/1?wmode=7&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&page-ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aykcyjkqfph1z85b6in%3Afp%3A568%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A720%3Acn%3A1%3Adp%3A0%3Als%3A527820595439%3Ahid%3A371238071%3Az%3A0%3Ai%3A20211215194927%3Aet%3A1639597767%3Ac%3A1%3Arn%3A328365957%3Arqn%3A1%3Au%3A1639597767748546093%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1639597765853%3Ads%3A0%2C26%2C197%2C82%2C198%2C0%2C%2C408%2C83%2C%2C%2C%2C836%3Adsn%3A0%2C27%2C197%2C81%2C199%2C0%2C%2C329%2C83%2C%2C%2C%2C836%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1639597768%3At%3AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%20-%20The%20Entrepreneurial%20Way%20with%20A.I.&t=gdpr%2814%29aw%281%29ti%282%29
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
ebd3ca7daddf816dd78d248e357299627b6270d31ab83659be8ab344e2c11097
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:28 GMT
x-content-type-options
nosniff
last-modified
Wed, 15-Dec-2021 19:49:28 GMT
strict-transport-security
max-age=31536000
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
385
x-xss-protection
1; mode=block
expires
Wed, 15-Dec-2021 19:49:28 GMT

Redirect headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:27 GMT
last-modified
Wed, 15-Dec-2021 19:49:27 GMT
location
/watch/53791720/1?wmode=7&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&page-ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aykcyjkqfph1z85b6in%3Afp%3A568%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A720%3Acn%3A1%3Adp%3A0%3Als%3A527820595439%3Ahid%3A371238071%3Az%3A0%3Ai%3A20211215194927%3Aet%3A1639597767%3Ac%3A1%3Arn%3A328365957%3Arqn%3A1%3Au%3A1639597767748546093%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1639597765853%3Ads%3A0%2C26%2C197%2C82%2C198%2C0%2C%2C408%2C83%2C%2C%2C%2C836%3Adsn%3A0%2C27%2C197%2C81%2C199%2C0%2C%2C329%2C83%2C%2C%2C%2C836%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1639597768%3At%3AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%20-%20The%20Entrepreneurial%20Way%20with%20A.I.&t=gdpr%2814%29aw%281%29ti%282%29
strict-transport-security
max-age=31536000
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
Wed, 15-Dec-2021 19:49:27 GMT
10725365602667708830
tpc.googlesyndication.com/daca_images/simgad/ Frame 32FB 		29 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/10725365602667708830
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766573&bpp=1&bdt=295&idt=463&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=SDdx8B8AWf&p=https%3A//www.aiupnow.com&dtd=467
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
46c1bedebd89ea719e5ffe1c9c2075e2f2be84ef1ab1b7fc16e9464eeedeacfe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 13 Dec 2021 10:21:37 GMT
x-content-type-options
nosniff
age
206870
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29307
x-xss-protection
0
last-modified
Mon, 22 Nov 2021 05:55:27 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 13 Dec 2022 10:21:37 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 32FB 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766573&bpp=1&bdt=295&idt=463&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=SDdx8B8AWf&p=https%3A//www.aiupnow.com&dtd=467
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:47:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
92
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:47:55 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 32FB 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766573&bpp=1&bdt=295&idt=463&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=SDdx8B8AWf&p=https%3A//www.aiupnow.com&dtd=467
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
229
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:38 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 32FB 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766573&bpp=1&bdt=295&idt=463&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=SDdx8B8AWf&p=https%3A//www.aiupnow.com&dtd=467
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 15 Dec 2021 19:49:27 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 32FB 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766573&bpp=1&bdt=295&idt=463&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=SDdx8B8AWf&p=https%3A//www.aiupnow.com&dtd=467
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
245
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:22 GMT
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 32FB 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766573&bpp=1&bdt=295&idt=463&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=SDdx8B8AWf&p=https%3A//www.aiupnow.com&dtd=467
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2cc36b7e19b912c6d09739d2c3edbbb05a272be96736ae9fb0b0a70c2a331d48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 11:09:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
31216
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11415
x-xss-protection
0
server
cafe
etag
3382072337847676073
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 11:09:11 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 8FA7 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CC9Plxka6YazZMMuAsgfblZ64Drm5k5lnqbe4z9wO2dkeEAEgvfTmcGCV-vCBjAegAazyuL8ByAECqQJi2p0dU_oMPqgDAcgDyQSqBIkCT9D2HFPm2X9EYSLy2OYrR6QuXxE6zmSexuI28p3yI1p131czb5lrh72-lUEV1Uge9ppOb_i59CiP3-ncRIj-WelFboE8SVwId8AIk8unaIkwg1WXXMGBarUhU2cjV6p8crUDGbjiqq6YgfCF_hlSEE8nFLUcNsl_7p-x_4nG9mU39VLq7w9IyhMPeW-_BQz0D97GnZ54tvu-A5pEt4UwtaTzt4gO0XKmIEB5VUrbmHtPo3RYlLTHJ9xpF2xroy_EZR0BvkzQYADfN_s1v8f4Vp6seFtYHKWr0FDCDpWZIsQIlv55YWnwVXRQ0UqjVpVJPHKLL4yzsi5Ej_cLj5kXQKDOEckszzISccAE9MH0-egDkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBgKAB7yNx8ACqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ-6oH0ggJCIDhgHAQARgfgAoByAsB2BMM0BUBmBYBgBcBshccChoIABIUcHViLTEzNDIzNDc4NDMzNTEzMzgYAA&sigh=Dmceq1w-2pU&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766616&bpp=1&bdt=338&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3465&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=mJaJBCYa8E&p=https%3A//www.aiupnow.com&dtd=5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766616&bpp=1&bdt=338&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3465&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=mJaJBCYa8E&p=https%3A//www.aiupnow.com&dtd=5
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 15 Dec 2021 19:49:27 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 111B 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CnpGtxka6YY3uLYinkgPEuqSwC6yD1-9m3ZbAupsN-9X0_QgQASC99OZwYJX68IGMB6ABlpDDygPIAQGoAwHIA8MEqgT_AU_Qql8eHit3YNeVVrtTPdhTzN8-jHLtVJR0w5RVgRedPvT3rLogKnbqdVSga6pMTy7cAshriu4V1wZhHoQclVTgbRpL0hUPi2ilHc__0gYEwxBfsFLrbjFFNtv6paHI5DOLZ-MwIhZcgreqDpZQkIlIFu4JiezCE1h543FMmmvrlUPS1VPwD7Pk25oqp4i6Upko0xR3QyS-DJnI0Y9Kn5I0FGnOYJCebQon4elZDf3ZNPQP6RcWenYL-B4DKy5YN_kaE4ypM8nV4p25BhRxWUee1xSR-k8c5IHa51PbZT_4_HQt4Ze3QXd-LU2rqU9UgaIM3_YSV9ZPea3mYPpAfsAEz5Dy6LwDkgUECAQYAZIFBAgFGASgBlGAB9LvvDWoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBCL1BbSCAkIgOGAcBABGB-ACgHICwHYEw3QFQGAFwGyFxwKGggAEhRwdWItMTM0MjM0Nzg0MzM1MTMzOBgA&sigh=u3C-aC6lVHo&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766449&bpp=1&bdt=171&idt=202&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yrheaW2R69&p=https%3A//www.aiupnow.com&dtd=209
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766449&bpp=1&bdt=171&idt=202&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yrheaW2R69&p=https%3A//www.aiupnow.com&dtd=209
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 15 Dec 2021 19:49:27 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
odN6yT5qyq_.png
www.facebook.com/rsrc.php/v3/yS/r/ Frame 2DC3 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/rsrc.php/v3/yS/r/odN6yT5qyq_.png
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/rsrc.php/v3/yN/l/0,cross/JQb9M84BqIm.css?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3a16bbf4914a49b1afe816e119c7da2d731dead9167c01d07984ef323e26bfa
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.facebook.com/rsrc.php/v3/yN/l/0,cross/JQb9M84BqIm.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 13 Dec 2021 21:54:11 GMT
x-content-type-options
nosniff
content-md5
jWtlBZOXpZs9LMNqqzeJoA==
document-policy
force-load-at-top
content-security-policy-report-only
default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
content-length
1341
x-fb-rlafr
0
x-fb-debug
a9NyhfE7TIAg9pu4lx3EaGM8/Isy7ubxEhAmnnOEuWw2isS6KEfru3oSq7Qlo0CSQ34lOieGXileaj7LyHmS+A==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Tue, 13 Dec 2022 21:54:11 GMT
3449905991014507057
tpc.googlesyndication.com/daca_images/simgad/ Frame C0DA 		52 KB
52 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/3449905991014507057
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766575&bpp=1&bdt=297&idt=564&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3067&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=tPJEadH44t&p=https%3A//www.aiupnow.com&dtd=568
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
93901df4e7c94322ced053d9c8c9dfe1f656e98a3d7f010b53f3db76b8e6069e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 14:38:12 GMT
x-content-type-options
nosniff
age
450675
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52867
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 08:28:32 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 10 Dec 2022 14:38:12 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame C0DA 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766575&bpp=1&bdt=297&idt=564&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3067&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=tPJEadH44t&p=https%3A//www.aiupnow.com&dtd=568
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:47:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
92
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:47:55 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C0DA 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766575&bpp=1&bdt=297&idt=564&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3067&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=tPJEadH44t&p=https%3A//www.aiupnow.com&dtd=568
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
230
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:38 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame C0DA 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766575&bpp=1&bdt=297&idt=564&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3067&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=tPJEadH44t&p=https%3A//www.aiupnow.com&dtd=568
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 15 Dec 2021 19:49:28 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C0DA 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766575&bpp=1&bdt=297&idt=564&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3067&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=tPJEadH44t&p=https%3A//www.aiupnow.com&dtd=568
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
246
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:22 GMT
l
www.google.com/ads/measurement/ Frame C0DA 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRVLzhzM0asG3dNB2O5RQa4MbyTnUuxTyfAkLB9Wo44ei1lXZJ_OC7bVef4psCnRwICSNmt
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766575&bpp=1&bdt=297&idt=564&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3067&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=tPJEadH44t&p=https%3A//www.aiupnow.com&dtd=568
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C0DA 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766575&bpp=1&bdt=297&idt=564&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3067&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=tPJEadH44t&p=https%3A//www.aiupnow.com&dtd=568
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2cc36b7e19b912c6d09739d2c3edbbb05a272be96736ae9fb0b0a70c2a331d48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 11:09:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
31217
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11415
x-xss-protection
0
server
cafe
etag
3382072337847676073
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 11:09:11 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 32FB 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CdA8wx0a6YbGZCMum7wLFlpHYBrm5k5lnqbe4z9wO2dkeEAEgvfTmcGCV-vCBjAegAazyuL8ByAECqQJi2p0dU_oMPqgDAcgDyQSqBIkCT9AExXH_H0fyVIb75BySa2Jr-odZisJYJZA9sNGXaTfDZTK4WkHGHpZ8cPhUwcrmICed2gZhA0UsaIaH6AmGEHKY3rj2v1_EAoHYl7Dip2MNXChb5KGKi3a-SJUB7ZJBShlXD3eZVlLDYpAPqWp2VjHn_Yj6bxkS98WSKknmxO5oiAXzr1fICXk_taugq07iNbQ4P00w3c4RtzsWfv271urillE1dU-9AfBOrsHFEimZmYLpAXTDcr9dLHsnMDnF-KAGMNx_lwyRGaWk5ykzTUNdaUwo2UB0GU6nyQ1ZcmTDoIzHNDK_lgIsZ24vfolNc_aKozAMWLHK4Xk1CTl5ohObvs0b1m74DMAE9MH0-egDkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBgKAB7yNx8ACqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ4MgK0ggJCIDhgHAQARgfgAoByAsB2BMM0BUBmBYBgBcBshccChoIABIUcHViLTEzNDIzNDc4NDMzNTEzMzgYAA&sigh=c6SwB1gJMHQ&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766573&bpp=1&bdt=295&idt=463&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=SDdx8B8AWf&p=https%3A//www.aiupnow.com&dtd=467
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766573&bpp=1&bdt=295&idt=463&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=SDdx8B8AWf&p=https%3A//www.aiupnow.com&dtd=467
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 15 Dec 2021 19:49:27 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
16931801857099529234
tpc.googlesyndication.com/simgad/ Frame DD2D 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/16931801857099529234?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnAxO3DmqsryMGDGxV2VocyAxV9pg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766526&bpp=4&bdt=248&idt=419&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=08EpsWnfa3&p=https%3A//www.aiupnow.com&dtd=428
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
00d645dba8306a4c4566eeca187f39f06012c13ff1c5b30b9bb480131d48e491
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 14:10:58 GMT
x-content-type-options
nosniff
age
106709
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22946
x-xss-protection
0
last-modified
Mon, 20 Sep 2021 09:26:53 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 14 Dec 2022 14:10:58 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame DD2D 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766526&bpp=4&bdt=248&idt=419&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=08EpsWnfa3&p=https%3A//www.aiupnow.com&dtd=428
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:47:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
92
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:47:55 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame DD2D 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766526&bpp=4&bdt=248&idt=419&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=08EpsWnfa3&p=https%3A//www.aiupnow.com&dtd=428
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
230
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:38 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame DD2D 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766526&bpp=4&bdt=248&idt=419&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=08EpsWnfa3&p=https%3A//www.aiupnow.com&dtd=428
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
246
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:22 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame DD2D 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766526&bpp=4&bdt=248&idt=419&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=08EpsWnfa3&p=https%3A//www.aiupnow.com&dtd=428
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 15 Dec 2021 19:49:28 GMT
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame DD2D 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766526&bpp=4&bdt=248&idt=419&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=08EpsWnfa3&p=https%3A//www.aiupnow.com&dtd=428
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2cc36b7e19b912c6d09739d2c3edbbb05a272be96736ae9fb0b0a70c2a331d48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 11:09:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
31217
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11415
x-xss-protection
0
server
cafe
etag
3382072337847676073
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 11:09:11 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame B0D9 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766616&bpp=1&bdt=338&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3465&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=mJaJBCYa8E&p=https%3A//www.aiupnow.com&dtd=5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766616&bpp=1&bdt=338&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3465&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=mJaJBCYa8E&p=https%3A//www.aiupnow.com&dtd=5

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 15 Dec 2021 19:04:34 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
2693
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
dcm
s.amazon-adsystem.com/ Frame 300C
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbpGxyxA38x5_C53HMfxAgAABGUAAAAB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbpGxyxA38x5_C53HMfxAgAABGUAAAAB&dcc=t
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbpGxyxA38x5_C53HMfxAgAABGUAAAAB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Server
209.54.177.54 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:28 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
Z6DA144TKFFWQ2M27XRV
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:28 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
6CZ8KFXWEAF915KE2QFY
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbpGxyxA38x5_C53HMfxAgAABGUAAAAB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame 300C 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:27 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
usermatchredir
ssum-sec.casalemedia.com/ Frame 300C
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YbpGxyxA38x5_C53HMfxAgAABGUAAAAB&gdpr_consent=&us_privacy=&gdpr=1
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEHrLtN7Aoj4oY6WAEpF5A7A&google_cver=1
43 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEHrLtN7Aoj4oY6WAEpF5A7A&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:28 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Wed, 15 Dec 2021 19:49:28 GMT

Redirect headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:28 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEHrLtN7Aoj4oY6WAEpF5A7A&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
343
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 300C
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YbpGxyxA38x5-C53HMfxAgAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESENKsDhhBcSx0y2C79SPv9qU&google_cver=1&gdpr=1
43 B
1009 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESENKsDhhBcSx0y2C79SPv9qU&google_cver=1&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:28 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 15 Dec 2021 19:49:28 GMT

Redirect headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:28 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESENKsDhhBcSx0y2C79SPv9qU&google_cver=1&gdpr=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
325
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 300C
Redirect Chain
  • https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1
  • https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&gdpr=1&prevuid=&knw=0
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
43 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:28 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Wed, 15 Dec 2021 19:49:28 GMT

Redirect headers

date
Wed, 15 Dec 2021 19:49:28 GMT
server
nginx
access-control-allow-origin
*
transfer-encoding
chunked
access-control-allow-methods
POST, GET, OPTIONS
p3p
CP="NOI DEV OUR BUS UNI"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=
cache-control
no-cache
content-type
text/html; charset=UTF-8
access-control-allow-headers
Origin
keep-alive
timeout=10
crum
dsum-sec.casalemedia.com/ Frame 300C
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=8mQzji861MXAhi5&gdpr=1
43 B
997 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=8mQzji861MXAhi5&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:28 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 15 Dec 2021 19:49:28 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:27 GMT
Server
PingMatch/v2.0.30-693-g87a8e09#rel-ec2-master i-0fb8f8c60b2bcfa88@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=8mQzji861MXAhi5&gdpr=1
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 300C
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1642189768
43 B
982 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1642189768
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:28 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 15 Dec 2021 19:49:28 GMT

Redirect headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:27 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1642189768
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
bridge
cm.adgrx.com/ Frame 300C 		43 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.adgrx.com/bridge?AG_PID=casale&AG_SETCOOKIE&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
173.231.184.20 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
lga-cassandra-1.sys.adgear.com
Software
Cowboy /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:28 GMT
server
Cowboy
P3P
CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Type
image/gif
X-RealServer-NX
lga-delivery-1
Content-Length
43
Expires
Thu, 23 Sep 2004 17:42:04 GMT
ix-usync
router.infolinks.com/dyn/ Frame 300C 		35 B
197 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://router.infolinks.com/dyn/ix-usync?uid=YbpGxyxA38x5-C53HMfxAgAA%261125
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:28 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
6be232029cc83628-MAN
content-length
35
expires
Tue, 15 Dec 2020 19:49:28 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame C0DA 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=Cl12ax0a6YbapCriA1fAPyqmesAXztbKGZ_Xv_KD_DrGspYzZKRABIL305nBglfrwgYwHoAGY7uqhA8gBAqkCVKI2fd3gsj6oAwHIA8kEqgSDAk_QCYnqyuvrg1RItD5oi3FR1NKpk6SLy0Ma1qbVwcVeGYkwfdbGpnW5KFMVCmZ5JNE3-y9hsgpwc7ODCCQruucUDBwPyvxQmFAwPcuO_E5m79oI03iYq3aHOOmWKAj3S12zM2OibGXvpm47IiXgrKQOnNe6LnLQ6zQBM2cPeDk3xEJc9AtJyWHeajLjgJSPSAmeQ0qDU4IjYGHv7PQOsgt_RJXgt4GSDyF7EnHHdrQ0tiqFe8Gw77N96LKs_MkrkUb_K0G8bUZIEPgKawh0LqJ2cwTeYDhGSkFjIvZ-vz4rKW2PAc-C0NS-flxbKIz6-FDEvKj3yue4SlK2U9g_zw3Ah2vABNSLrLnkA5IFBAgEGAGSBQQIBRgEoAYCgAfQkZVeqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQt98J0ggJCIDhgHAQARgfgAoByAsB2BMN0BUBmBYBgBcBshccChoIABIUcHViLTEzNDIzNDc4NDMzNTEzMzgYAA&sigh=6renY7e2SJY&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766575&bpp=1&bdt=297&idt=564&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3067&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=tPJEadH44t&p=https%3A//www.aiupnow.com&dtd=568
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766575&bpp=1&bdt=297&idt=564&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3067&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=tPJEadH44t&p=https%3A//www.aiupnow.com&dtd=568
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 15 Dec 2021 19:49:28 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ Frame DBFC 		51 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/rpc:shindig_random.js?onload=init
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d8a6f2a85533d8b0a3572be5fa46cb09629d8f54f28bf40c52e0878d68caa046
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 11 Dec 2021 13:25:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
368655
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18237
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Sun, 11 Dec 2022 13:25:13 GMT
bridge3.492.0_en.html
imasdk.googleapis.com/js/core/ Frame 6EDF 		597 KB
194 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.492.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc0e86fa9839984b0d1c815a1008ba178b8e3b50f347ee2446d967e6fea8d09b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
198450
date
Mon, 13 Dec 2021 09:13:33 GMT
expires
Tue, 13 Dec 2022 09:13:33 GMT
last-modified
Mon, 13 Dec 2021 09:11:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
210955
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
client.js
s0.2mdn.net/instream/video/ Frame 58D9 		44 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 15 Dec 2021 19:49:28 GMT
dmp.dynamic_quality_switcher.810da786f426fdf0a69c.js
static1.dmcdn.net/playerv5/ Frame 9407 		22 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.dynamic_quality_switcher.810da786f426fdf0a69c.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.a8563fface00cf3c9b95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
03de68cb1fdd007abd024234102ebef9781fbea17813281d3a5717d25870762c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:28 GMT
content-encoding
gzip
age
367097
server-timing
total;dur=0, dc;desc="dc3"
content-length
7196
last-modified
Thu, 09 Dec 2021 09:16:30 GMT
server
DMS/1.0.42
etag
"61b1c96e-57b0"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
e8577fb6b1654e133ff3d1ecfc06c9b0
expires
Mon, 10 Jan 2022 13:51:11 GMT
dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
static1.dmcdn.net/playerv5/ Frame 9407 		189 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.a8563fface00cf3c9b95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
ca356d69f023a86170e7197b26266cc9f913b54fc90e96a760cec4152b7848b1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:28 GMT
content-encoding
gzip
age
367097
server-timing
total;dur=0, dc;desc="dc3"
content-length
54717
last-modified
Thu, 09 Dec 2021 09:16:30 GMT
server
DMS/1.0.42
etag
"61b1c96e-2f204"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
4c8a4f1f16264621d9b7851998646a86
expires
Mon, 10 Jan 2022 13:51:11 GMT
x7zgqmr.m3u8
dmxleo.dailymotion.com/cdn/manifest/video/ Frame 9407 		0
314 B 		Script
General
Check archive.org
Download Go to
Full URL
https://dmxleo.dailymotion.com/cdn/manifest/video/x7zgqmr.m3u8?auth=1639770567-2562-1qe9vtgi-0dbf7c191a28db19f6c6a8c2df0c22ddZ2PigrR6HLSRMUwOJXOLh3GwAJw1AfWuWPITzCQpJdfQfNFtymzlyPwJ6beVexik1QiHHKdG_KXLVHDMnwk8OxwPLp3M0mRgIVhGkkaxbYlDaR_P_PFQzgdtDtywQkDuDNtpgHX_4-lzOvS20KYA9ZNlHf2Ewbhq1-K0QFpX4MMlYLxEQ61MsTLvhmST9JocjGd2ilfuqN8Fpk1k41SL3zksZJyfMgbVPdASXLIqQ9aZmEkxtXGuYL7IFNrsHq379LbpXLkdUIW8YIKOt10hs0PFRLHYiHDtSBUl5eVAOksZ2FqeuxjgBkURT7fkjgH5KWQTSw-rCnqL8crXRqKwDw2Fj2wIF_91KOGBPJ0mf-8e3u2ND9-Xm5QGy4UVEtj3uQ3VVu4_iEDkPQaK6NgWm7W6uFtYk6Hl-5la1Tb49VJeUpTYe1kLSYVqenrXsx5UytVoR4ePAlnsveoiLB5niKmhshOC4SOefyF89vKgQYbe1TWd2Y7ZhPG2CV5cIjZcx5iZS0ZV7C693aYCHB-DdUMnVHItObIL1CQvWR3yvAZJ7mXg_AgFwh4ifIBNJMPRDyss9mK-j9NHg4MahQkDT8aN_-ttZRxqJz9NqJVC3wDo0h7LMRE7_7aQMC8rQK6KzRYX-8kuG3QBzU_3nNZImIBaHJzTPl3fR7PPPUvyCwVQpXFQ_oSaTrYdGKAEWMV4l8a3aHJQMtUcO9p1RQ_rAwcI5lHT6Ue-u5Ydrc8nf_-3ZoLIGZ_6mlRTXG8TAuMvjr26E1RNOIN_z3medMNMIhj0gZ4-qJkQCGyMXI_OkEFAhjHyg1qgfLT5Kk_pCe-FdHM6o-Vf4IGouv4Ps5iN3_ND76AxscOLxfvSHQuC7pM3onyAjUv4jJWNS8w0PF-hdcJyTqxD-twkmEFVJlF-KR2FxhI8c6vuT4_3jMKauAn4iU8pqG0bPHbVNn8dNt_xfdfT6KkAJrZ9jtT2jsC646hkubbtZxd9GhPY7tiqjzUgEzAZrATZyZaxSfbqKUu1Y_wPaaW0qpzNWHv4388EU9elU7vptJaeVqRle7tqe3QtbLcynqUEPYa55PF3FXu2Nj_Td5FO-WCyrTDpSMbfHmtGsTJLI_Gd6HO3PY9nzByhnG6TgkKYzRocZEvm4mX3PF_I39dD6YX2GJDl_o4ENUJEZvlGhM0yl782HBbC14bsXaUE1-UMyNY5vgtXcvO-ejpT6qPbi3NTjfo8RjQN0sd5wMVer4UXHLvSxjUPWtSvJZXhcAxbo02ntCxmM6lSSuTkKfXTrcJ2Pm-N6pFVziAL6SH3PThktKbFmTB_CuxbdclJEDiiDJMNgOj-WqitiBGw0HKZ1CYCSoGk_8F1ZA8scv81zDvMNXrH4ADRLRVk0s6LGfbdOpI3aON-Qi-mVYFMIMikEiCQyRv9cO-axkjLwUmOcos_cMGhBrTsKCJRE9H-UdmEDHYrB9wvVzgyVh4B17jRJ-LPq-Yf73uWqDSBHe0BWSHvzPkqa3RQKZBJqlWQIEOfiXXDOSm2PxdWX2U6NUEIsEKAxFHy8lxzwVKxxD2TadvYhcEpAuSptIkVpZJG7x_Mn4hnf59EJz1d73fFV5oIJMrJkqi-AWXPicmHOYKrU9OBU3vpyWSRPahKAamSlZ6Pm9yM_JYiO_1yzL9l0dM8AKA7wkovErHt9yZUsYLpih3Ui_PdzP6gqohI9_98x0h4R5S5dw_fKpzU0Rak8UO3t7v05EbLFGkdfjiGzWzujqyzhcVQg8RfpJwZj_6v_KbvMxdhcOVY8K7SvBOMGkBP0J35gB9-Jy03Vf-FPE5SSBNdtv0AGNpvpCmYR59r9hIXLvtG2TuDFOG39lIBxztJLHsNSuj8XpOQ1N8145f-jH_zDstXqdkEHcGZd6cp1ioHvjtzOuV4wWRkNX0iegHDIyaNWqpS-9BjxZ89Tms2Ubf-jhqdpUerJ3cpRD8ZgO_0HEXJnXKYhhxdDuJwJOnm8FFiAz90SxMmfmySZOFcKq9uygArMEXu49S_EddmbmEcmpxIrX9on4eHzmuK04y2SH1cGA5EjYXnMVcEPsGKr2tk2CsTTFzfKkWs8ATvcEpRd3AIzu2QU0s06JW7IqdlX-fVzKCmIvOuRcWX6fc0pnGcHqqSopEjlJo1iPx5-neEnfVS7MCC1k588fmSoMTj82dq99rzJeH7vUbta3XpSTIeb-e7D_il0VzT_HwC48kcBFNSUPvSSEkD1Gi-flyp43MGAExvD0DkvbhxqzRsmPMdYap0b_dlVtowZhBayCxzZQHY0jDhVRwUchtjbtpWsohsZY1C7qB0SMJ8qGTULqWzqpCc6oKR24uT9vmWIQxtpfqr5McfganH2iiwSTBiS8PZJSwDcM536udnUjWuCCKeajSZFXiCO5g2ZfAhZ_VKwrMDb11XcZrHa8Ouf2EQLnn69Gkw7Yj7XKMOLZxgObonSZvNnq49X4Bcb8y3L6F9fJMUt65w6eVUi4vY_smjmMXdytWfbuT3jxTMegWOYwz4QSvT7ZzCjOO7gc9AGK8onKc-N1KkefjfeX1co_CNnUoPGTlOqhShnt-gj43UMrDmuDY7Z8Nov_6je2bFsuWVHozQFIdcZWkyga8WUvQPLfhFA4n76-x3HnYrmdltV-a31FwSOJpmdPkD1Ky1clAoyx_lyUef_4MMzyFIuHPox8ORH-MdA4MGZAohb6Ad0pywaP4hUXGvrzOiN_LwMWWBt-2FU3GUJIXrz2I_8dhquZR1uYYlf6pCt5Q&bs=1&cookie_sync_ab_gk=1&reader_gdpr_flag=1&reader_gdpr_consent=&gdpr_binary_consent=opt-out&gdpr_comes_from_infopack=0&reader_us_privacy=1---
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.theme_neon.1783142d9b9ad037170c.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.65.124.38 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
icscale-01-pub-ix7.vip.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-dm-lb-name
icscale-01-01.adm.ix7.dailymotion.com
date
Wed, 15 Dec 2021 19:49:28 GMT
content-encoding
gzip
server
nginx/1.19.3
strict-transport-security
max-age=15724800; includeSubDomains
access-control-allow-methods
GET
access-control-allow-origin
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
access-control-allow-credentials
true
access-control-allow-headers
Authorization, Content-Type
de974e0de653beaf8b7a147538108e14.js
www.gstatic.com/mysidia/ Frame 3E70 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/de974e0de653beaf8b7a147538108e14.js?tag=client_fast_engine_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766471&bpp=2&bdt=193&idt=433&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=NgnToCu2Ou&p=https%3A//www.aiupnow.com&dtd=437
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c9a70686ad065d96298301b1fe7daf4199a4e72348dd638330390f7763ae226b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 12 Dec 2021 15:16:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
275607
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3353
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 07:52:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Sat, 12 Mar 2022 15:16:01 GMT
4c162666b480f9d25b4d1657ab76b19c.js
www.gstatic.com/mysidia/ Frame 3E70 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/4c162666b480f9d25b4d1657ab76b19c.js?tag=pingback
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766471&bpp=2&bdt=193&idt=433&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=NgnToCu2Ou&p=https%3A//www.aiupnow.com&dtd=437
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
422322a5b664a67b41d5548903029f24d41665edf71afa39bc31dc5b03c668c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 12 Dec 2021 15:16:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
275607
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4817
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 07:52:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Sat, 12 Mar 2022 15:16:01 GMT
css
fonts.googleapis.com/ Frame 3E70 		4 KB
618 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766471&bpp=2&bdt=193&idt=433&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=NgnToCu2Ou&p=https%3A//www.aiupnow.com&dtd=437
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 18:23:39 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 15 Dec 2021 19:49:28 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 15 Dec 2021 19:49:28 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 3E70 		1 KB
880 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766471&bpp=2&bdt=193&idt=433&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=NgnToCu2Ou&p=https%3A//www.aiupnow.com&dtd=437
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:48:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
55
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
853
x-xss-protection
0
server
cafe
etag
7170004918125193417
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:48:33 GMT
e485ffd488b44fd3558b39d314f67b09.js
www.gstatic.com/mysidia/ Frame 3E70 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/e485ffd488b44fd3558b39d314f67b09.js?tag=analytics_pingback_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766471&bpp=2&bdt=193&idt=433&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=NgnToCu2Ou&p=https%3A//www.aiupnow.com&dtd=437
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cd2002cdf21b9a1c068b3b6f24ece6d21d00ecdf3b14de9b37372425e8045e90
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 12 Dec 2021 15:16:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
275607
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2354
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 07:52:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Sat, 12 Mar 2022 15:16:01 GMT
common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
c.disquscdn.com/next/embed/ Frame C2BF 		282 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.9068118211410bc5f67f5bb8d6806cba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:7a00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
4d958aa0fe56b2c9ef407522721c72a3f0ac4f0ae063a2e2d05c134b7a79fa85
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 25 Oct 2021 14:45:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4424638
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
94779
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Fri, 22 Oct 2021 00:26:02 GMT
server
nginx
etag
"6172051a-1723b"
content-type
application/javascript; charset=utf-8
via
1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
expires
Tue, 25 Oct 2022 14:45:30 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
wXETummMJhCdm9Cb0twqAvRtK_60el63D96R02yXVrDEoHiq2cSTuw==
x-cache-hits
0
adview
googleads.g.doubleclick.net/pagead/ Frame DD2D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CCWv3x0a6YemAA4-O7wLhlYTQBMHC39NmgO7j2O8O2dkeEAEgvfTmcGCV-vCBjAegAZ2ovaMDyAECqQI18FO2U4N9PqgDAcgDyQSqBJcCT9C8QrVpG2cuHXVp9QZEDC9va31CO1nEpBtQ6ygBlD6njFKBhR9s0A3LSt0laV0U2IHESs7s9g1CR8p2-epdqOEKAR9kRpT770FXrsLRQUBwWglKmpeK-KCVpdMwNdF6YKstjS83j5Gp130CmF4uCztoUQAYAp4K9LZal6TOV-D-cN3Fd5JVV-jA8vzzxwaboMH_vaMrSsb7MUQK6FU1oRhzWLBJz9h2Eu-v7zXIAXiWXdHNTMGFYNefEWL0C-wjiCWQ_1udsCVSd6UlcDaFzvrTXM9N_DYdJkEM75fiWsVA5xCQWF6-CWjeZUgnANbWGjMrX8klrf00NXcbEB_lfqx1tKxj4tO0yOYXx81J92kAkFINpBE5wAS9hLPNuAOSBQQIBBgBkgUECAUYBKAGAoAHy9fCXKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEKjcFdIICQiA4YBwEAEYH4AKAcgLAdgTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi0xMzQyMzQ3ODQzMzUxMzM4GAA&sigh=IWZbqt17DY0&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766526&bpp=4&bdt=248&idt=419&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=08EpsWnfa3&p=https%3A//www.aiupnow.com&dtd=428
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766526&bpp=4&bdt=248&idt=419&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=08EpsWnfa3&p=https%3A//www.aiupnow.com&dtd=428
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 15 Dec 2021 19:49:28 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
s
googleads.g.doubleclick.net/pagead/drt/ Frame ABED 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766573&bpp=1&bdt=295&idt=463&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=SDdx8B8AWf&p=https%3A//www.aiupnow.com&dtd=467
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766573&bpp=1&bdt=295&idt=463&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=SDdx8B8AWf&p=https%3A//www.aiupnow.com&dtd=467

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 15 Dec 2021 19:04:34 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
2694
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
intag_incontent.js
resources.infolinks.com/js/1769.027-3.025/ 		173 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.infolinks.com/js/1769.027-3.025/intag_incontent.js
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
667d0547d8f8567828193f76f5fbd55bbb4244351313a8a8f3d85d171d1af49f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray
6be23202ace83628-MAN
date
Wed, 15 Dec 2021 19:49:28 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Sat, 11 Dec 2021 06:26:43 GMT
server
cloudflare
age
2465
etag
W/"2b399-5d2d8ec55168c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
content-encoding
gzip
expires
Fri, 14 Jan 2022 19:08:23 GMT
truncated
/ Frame 8FA7 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9bd3fd8eacf952bb385c082951129874ee16563fc03ec6d3de690331f0374492

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
s
googleads.g.doubleclick.net/pagead/drt/ Frame C9F7 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766575&bpp=1&bdt=297&idt=564&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3067&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=tPJEadH44t&p=https%3A//www.aiupnow.com&dtd=568
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766575&bpp=1&bdt=297&idt=564&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3067&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=tPJEadH44t&p=https%3A//www.aiupnow.com&dtd=568

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 15 Dec 2021 19:04:34 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
2694
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 3E70 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766471&bpp=2&bdt=193&idt=433&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=NgnToCu2Ou&p=https%3A//www.aiupnow.com&dtd=437
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:47:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
93
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:47:55 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 3E70 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766471&bpp=2&bdt=193&idt=433&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=NgnToCu2Ou&p=https%3A//www.aiupnow.com&dtd=437
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
230
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:38 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 3E70 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766471&bpp=2&bdt=193&idt=433&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=NgnToCu2Ou&p=https%3A//www.aiupnow.com&dtd=437
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 15 Dec 2021 19:49:28 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 3E70 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766471&bpp=2&bdt=193&idt=433&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=NgnToCu2Ou&p=https%3A//www.aiupnow.com&dtd=437
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
246
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:22 GMT
6d065ef8aad4e53a06604e1059b7b7b3.js
www.gstatic.com/mysidia/ Frame 3E70 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766471&bpp=2&bdt=193&idt=433&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=NgnToCu2Ou&p=https%3A//www.aiupnow.com&dtd=437
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 12 Dec 2021 14:47:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
277316
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11408
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 07:52:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Sat, 12 Mar 2022 14:47:32 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 242A 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766449&bpp=1&bdt=171&idt=202&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yrheaW2R69&p=https%3A//www.aiupnow.com&dtd=209
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766449&bpp=1&bdt=171&idt=202&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yrheaW2R69&p=https%3A//www.aiupnow.com&dtd=209

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 15 Dec 2021 19:04:34 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
2694
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 111B 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
27746de35ee5f13bf40b6ba062482d955c8af62190c303cbd148c5338e91082b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
cast_sender.js
www.gstatic.com/eureka/clank/96/ Frame 9407 		52 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/eureka/clank/96/cast_sender.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
25fcfee1ad623c5654d6a20d5936f56999688ce944da13f9ea606cf4b9fc18d5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 18:24:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5095
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15236
x-xss-protection
0
last-modified
Mon, 04 Oct 2021 15:10:33 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="cloudview-release"
expires
Thu, 16 Dec 2021 18:24:33 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame D9F0 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766526&bpp=4&bdt=248&idt=419&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=08EpsWnfa3&p=https%3A//www.aiupnow.com&dtd=428
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766526&bpp=4&bdt=248&idt=419&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=08EpsWnfa3&p=https%3A//www.aiupnow.com&dtd=428

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 15 Dec 2021 19:04:34 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
2694
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 32FB 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ff8dcc686a05a7786142167eba62158d2ad9d25d404d95324dec39cc5fa0303e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
recommendations.load.42dfcc5041eed24b84f85a10a88fa215.js
c.disquscdn.com/next/recommendations/ Frame DAB4 		923 B
1017 B 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/recommendations.load.42dfcc5041eed24b84f85a10a88fa215.js
Requested by
Host: disqus.com
URL: https://disqus.com/recommendations/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:7a00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
f2bfdbf7d2df8d37016a17d53674d2799bb77996a763bf2bee8b1f604dd31a9f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/
Origin
https://disqus.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 18 Oct 2021 21:23:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5005562
x-cache
Hit from cloudfront
content-length
446
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 18 Oct 2021 21:05:37 GMT
server
nginx
etag
"616de1a1-1be"
content-type
application/javascript; charset=utf-8
via
1.1 882f747f39885162595630c95dd0012d.cloudfront.net (CloudFront)
expires
Tue, 18 Oct 2022 21:23:25 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
qDZc41OEd2GHCRO5YuKUrDUp9iuJhWlogwkHU2_j6az4RMvsMBFzbQ==
x-cache-hits
0
4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 111B 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 10:56:24 GMT
x-content-type-options
nosniff
age
118384
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21660
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 18:07:18 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 14 Dec 2022 10:56:24 GMT
4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 111B 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 20:07:29 GMT
x-content-type-options
nosniff
age
85319
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21424
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 18:08:24 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 14 Dec 2022 20:07:29 GMT
domains
api.viglink.com/api/ 		76 B
523 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.viglink.com/api/domains
Requested by
Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.255.13.78 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-255-13-78.eu-west-1.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
64c66ff5f2a8ca13445bc35e1963ce0c25a355ed2c9c4df646b37f2602d68efc

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:27 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://www.aiupnow.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
76
Expires
Thu, 01 Jan 1970 00:00:00 GMT
truncated
/ Frame C0DA 		207 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e5166358a3dbbbf16f4d4cf8dceef295330e6b575ea9cd289fda59bd4b39ab7b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 81BA 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:48:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
38
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Wed, 15 Dec 2021 20:48:50 GMT
truncated
/ Frame DD2D 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
03828a968e79266db7600d2c5b34ebfa49a2903abefae530ab9076182bccb3f5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
reactive_library_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ 		149 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/reactive_library_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3fb03c5889929639808be7ec57fdcac0a13e2bc5de31ac48723aeca4c2ff246e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54385
x-xss-protection
0
server
cafe
etag
4993246191385855005
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Wed, 15 Dec 2021 19:49:28 GMT
cb=gapi.loaded_3
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=gapi_iframes_style_bubble/exm=auth,profile,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=gapi_iframes_style_bubble/exm=auth,profile,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_3
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c4a8c639edd67d769faf82914dc8ff0a1104373b575707f5f363ba8a91f78acd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 04:22:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
55636
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5103
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 04:22:12 GMT
getads.htm
rt3054.infolinks.com/action/ 		124 B
230 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rt3054.infolinks.com/action/getads.htm?hks=%5B%7B%22lid%22%3A%22IL_IN_ARTICLE0%22%2C%22bdc%22%3A1%2C%22prod_t%22%3A%22a%22%2C%22miw%22%3A1%2C%22maw%22%3A342%2C%22mih%22%3A12%2C%22mah%22%3A2400%2C%22sdata%22%3A%22image%22%2C%22scs%22%3A%22ylN-pdKRQm%22%7D%5D&rid=1f1fcfce-c92a-445f-b110-f809d211bfed&jsv=1769.027-3.025&sr=1600X1200&rts=1639597768556&cfv=-1&ref=t.co%2FIMBWIxzlWq&cb=getAdsResponse&os=Windows&ov=10&br=Chrome&bv=96.0.4664.93&dv=p&ce=t&purl=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&tzo=-0000&c=c&strg=true&rsd=gqyl9hAKvbYFPpN0P4GUr8KKYgR1jSnsWqmNOU8f62qdl-0E1t5r2bHAz1pxqBBKBk5ZwNC3c0SjstjkmqAUK477kWmaoCgSU6bAodxPj0_bBA4kcxK_HWOpPWV8KtG4RMDJTLPB9beLSgHJztmLLenTwhbH85f8&rsk=43&rcs=h8oeYILRJhw6Cep39KBC0g&hbnr=false
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c4bac60605cc28d70120aeebfd16265f062a1192d0f51a0384ab90453818e894

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:28 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
p3p
CP="NON DSP NID OUR COR"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-language
de-DE
content-type
text/html;charset=UTF-8
cache-control
no-cache,no-store
cf-ray
6be232059a373628-MAN
x-application-context
application:prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
dcl.htm
rt3054.infolinks.com/action/ 		0
116 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rt3054.infolinks.com/action/dcl.htm?rid=1f1fcfce-c92a-445f-b110-f809d211bfed&jsv=1769.027-3.025&capara=%7B%22mode%22%3A%22default%22%2C%22markers%22%3A1%7D
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:28 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
text/html;charset=UTF-8
cache-control
no-cache,no-store
cf-ray
6be232059a3b3628-MAN
content-length
0
x-application-context
application:prod
expires
Thu, 01 Jan 1970 00:00:00 GMT
lounge.7ab903feba7624935283ca4c7d8c7203.css
c.disquscdn.com/next/embed/styles/ Frame C2BF 		165 KB
26 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:7a00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
9f05592df6a80686d7216adbbc60dd18c978741182ed9e09a863de7374931f0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 23:27:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
678141
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
26065
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 07 Dec 2021 22:32:35 GMT
server
nginx
etag
"61afe103-65d1"
content-type
text/css; charset=utf-8
via
1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
expires
Wed, 07 Dec 2022 23:27:07 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
Imh_om5RX-urhs156KOwWwzhWolQlIbwdfT3r1gO2M0u1PCkTTb77w==
x-cache-hits
0
RetinaMedium.2811330fd8cd981352918b4059564b10.woff2
static1.dmcdn.net/playerv5/fonts/ Frame 9407 		36 KB
36 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/fonts/RetinaMedium.2811330fd8cd981352918b4059564b10.woff2
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
0365e3f4d308d0beec787524d9a2f686351e1011555515526ddfaf34176d0514

Request headers

Referer
https://www.dailymotion.com/
Origin
https://www.dailymotion.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:28 GMT
last-modified
Mon, 06 Dec 2021 16:11:24 GMT
server
DMS/1.0.42
age
788379
etag
"61ae362c-8fcc"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=2592000
server-timing
total;dur=0, dc;desc="dc3"
accept-ranges
bytes
timing-allow-origin
*
content-length
36812
x-llid
cba902a481b1528b99a57722586e2a21
expires
Wed, 05 Jan 2022 16:49:49 GMT
5783251670283858574
tpc.googlesyndication.com/daca_images/simgad/ Frame 3E70 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/5783251670283858574?w=400&h=209
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766471&bpp=2&bdt=193&idt=433&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=NgnToCu2Ou&p=https%3A//www.aiupnow.com&dtd=437
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2b0b6e35e73c54eb20f0b7cb282a8c0160daca9b1f829452880bda68d691937d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 11 Dec 2021 12:33:09 GMT
x-content-type-options
nosniff
age
371779
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14505
x-xss-protection
0
last-modified
Wed, 08 Feb 2017 19:28:33 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 18 Dec 2021 12:33:09 GMT
common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
c.disquscdn.com/next/recommendations/ Frame DAB4 		262 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/recommendations.load.42dfcc5041eed24b84f85a10a88fa215.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:7a00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
5fae79754e7af92e6afadc3060797e3d35188221e60d63d0625f66cf921e7ebb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 18 Oct 2021 21:23:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5005563
x-cache
Hit from cloudfront
content-length
88862
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 18 Oct 2021 21:05:37 GMT
server
nginx
etag
"616de1a1-15b1e"
content-type
application/javascript; charset=utf-8
via
1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
expires
Tue, 18 Oct 2022 21:23:25 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
brK4gAMNfEvbLWcadBTavSqpfj6cgbPaf8anymdmOFkiRZYhIurnRA==
x-cache-hits
0
adview
googleads.g.doubleclick.net/pagead/ Frame 3E70 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C_xtlx0a6Yf8cp4Tktw_ilrmADqyD1-9m3ZbAupsN-9X0_QgQASC99OZwYJX68IGMB6ABlpDDygPIAQGoAwHIA8MEqgSDAk_QjNpBYeI4EBKb88T_0ZUgkVCBlwtVd3-qqrntzcqtoJQ7LZ6esW6qbob0or_A6_6j45QGMwDrtSolDTl9fgLGAcZM0LI77QY71GVcdKx7UzjD-N5sm-ceuD7PMBMV-du4EmH6TJloXg69V6zLm2j1-6E87T-l6VULtQf_hIpPwsd0EWp3cm4P6nxU_saMiN6LeF6DszE9IDoR67DR4rCzYN-ZKscf_eTOpsLzoebazqRsLHfep8y8P3trgw6W-YrcNAEeHaCZv-PP37wW5YjPwBCLOr8guCZ8hDZogiusrdu5BIYY7zUu147ow0XwGdmyKqZJywQVenFXQ3Vwedx8eh3ABM-Q8ui8A5IFBAgEGAGSBQQIBRgEoAZRgAfS77w1qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ6_wb0ggJCIDhgHAQARgfgAoByAsB2BMN0BUBgBcBshccChoIABIUcHViLTEzNDIzNDc4NDMzNTEzMzgYAA&sigh=jugAc89r42k&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766471&bpp=2&bdt=193&idt=433&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=NgnToCu2Ou&p=https%3A//www.aiupnow.com&dtd=437
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766471&bpp=2&bdt=193&idt=433&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=NgnToCu2Ou&p=https%3A//www.aiupnow.com&dtd=437
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 15 Dec 2021 19:49:28 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
x7zgqmr.m3u8
www.dailymotion.com/cdn/manifest/video/ Frame 9407 		8 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.dailymotion.com/cdn/manifest/video/x7zgqmr.m3u8?sec=HhRoXb5vURZvHJ_AeJyVXFa7SxEhfp21vut9wjSrol8qUVBKHBSLSX0RgNm_ueDFPhqSJ_PObpWvybctopRBvA&dmTs=99129&dmV1st=2D76E625E425DA859D2C747624244DA0
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
fp.dc3.dailymotion.com
Software
DMS/1.0.42 /
Resource Hash
d008862ac51c4c57d4e2351821f587b691b9674ba43ed97a26b92d700d95a389
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31708800; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Security-Policy
upgrade-insecure-requests
Content-Encoding
gzip
Referrer-Policy
no-referrer-when-downgrade
Server
DMS/1.0.42
Date
Wed, 15 Dec 2021 19:49:28 GMT
Expect-Ct
max-age=0, report-uri="https://www.dailymotion.com/content_security_policy_report_uri"
Content-Security-Policy-Report-Only
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri
Content-Type
application/vnd.apple.mpegurl
Cache-Control
private, max-age=600
Server-Timing
total;dur=26, dc;desc="dc3"
Strict-Transport-Security
max-age=31708800; includeSubDomains; preload
Timing-Allow-Origin
*
Vary
X-DM-SSL,Accept-Encoding
Content-Length
2080
Expires
Wed, 15 Dec 2021 19:59:28 +0000
x240
s2.dmcdn.net/v/SnsdJ1WypR--M_6QB/ Frame 9407 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s2.dmcdn.net/v/SnsdJ1WypR--M_6QB/x240
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.25.50.162 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a184-25-50-162.deploy.static.akamaitechnologies.com
Software
DMS/2 /
Resource Hash
c9dbf391eb49cc7fb60b02931b2d3595eaf3c065b716778f0be58306dd7cbde1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
last-modified
Wed, 15 Dec 2021 08:31:30 GMT
server
DMS/2
content-type
image/jpeg
cache-control
max-age=86400
x-status
Miss from child, Hit from parent
server-timing
total;dur=3, dc;desc="ix7"
timing-allow-origin
*
content-length
20508
expires
Thu, 16 Dec 2021 19:49:29 GMT
lounge.bundle.920cdf639b386b42eddc25a8b2755561.js
c.disquscdn.com/next/embed/ Frame C2BF 		475 KB
121 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.920cdf639b386b42eddc25a8b2755561.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:7a00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
01b1844125589a15317239014be029ba024bc0d6e059222bc99bd913a82ecb88
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 23:27:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
678141
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
122873
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 07 Dec 2021 22:32:35 GMT
server
nginx
etag
"61afe103-1dff9"
content-type
application/javascript; charset=utf-8
via
1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
expires
Wed, 07 Dec 2022 23:27:07 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
8aJlgUiXbrsYuCE8iQoHEiirGF9CgCNUuVt0fm5VwYeD_uvmix2vBA==
x-cache-hits
0
config.js
disqus.com/next/ Frame C2BF 		14 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://disqus.com/next/config.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ba5de2dd01708185a0cf0204bee10541293279f7ed8589422e930caab1c18d5d
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:28 GMT
X-Content-Type-Options
nosniff
Content-Type
application/javascript; charset=UTF-8
Server
nginx
Age
53
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
14552
X-XSS-Protection
1; mode=block
s
googleads.g.doubleclick.net/pagead/drt/ Frame 37B0 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766471&bpp=2&bdt=193&idt=433&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=NgnToCu2Ou&p=https%3A//www.aiupnow.com&dtd=437
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766471&bpp=2&bdt=193&idt=433&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=NgnToCu2Ou&p=https%3A//www.aiupnow.com&dtd=437

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 15 Dec 2021 19:04:34 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
2694
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 3E70 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
07b85abcf50821c01382c623662363b744092fddb135e7ab711895913c0fd70d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/png
si
googleads.g.doubleclick.net/pagead/drt/ Frame B0D9
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766616&bpp=1&bdt=338&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3465&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=mJaJBCYa8E&p=https%3A//www.aiupnow.com&dtd=5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:29 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:29 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:28 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
482830803_mp4_h264_aac_l2.m3u8
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vNlYGdwd1tCKHcQd2QJkuThuvBcgwL_ATFAR_cvNG5wID6osbCYPmaSPeGLaK9WY4)/video/308/038/ Frame 9407 		16 KB
923 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vNlYGdwd1tCKHcQd2QJkuThuvBcgwL_ATFAR_cvNG5wID6osbCYPmaSPeGLaK9WY4)/video/308/038/482830803_mp4_h264_aac_l2.m3u8
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
ad671f60b455b1a6641cd531081ae4708cdfbde540efc21fd251deb617c40cd2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:28 GMT
Content-Encoding
gzip
Last-Modified
Mon, 22 Feb 2021 11:04:33 GMT
Server
lumberjack/2.4.24-2.4.24
Access-Control-Max-Age
600
Content-Type
application/vnd.apple.mpegurl
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, public
Accept-Ranges
bytes
Content-Length
536
Expires
Thu, 16 Dec 2021 19:49:28 GMT
EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
pagead2.googlesyndication.com/bg/ Frame A646 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766616&bpp=1&bdt=338&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3465&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=mJaJBCYa8E&p=https%3A//www.aiupnow.com&dtd=5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:36:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
772
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13555
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 19:36:36 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 15 Dec 2021 19:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.aiupnow.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 15 Dec 2021 19:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/ Frame 7ABA 		11 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Wed, 15 Dec 2021 18:38:26 GMT
expires
Wed, 29 Dec 2021 18:38:26 GMT
content-type
text/html; charset=UTF-8
etag
17731914101004188133
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4884
x-xss-protection
0
age
4262
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/ Frame 297E 		11 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Wed, 15 Dec 2021 18:38:26 GMT
expires
Wed, 29 Dec 2021 18:38:26 GMT
content-type
text/html; charset=UTF-8
etag
17731914101004188133
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4884
x-xss-protection
0
age
4262
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3E70 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=CgcIByoDd2ViCgcICCoDbHRyChsIASoXbWFnbmV0by1sYW5kc2NhcGUtc21hbGwKCggCKgZzZXJ2ZXIKMggEKi5teXNpZGlhX2FuYWx5dGljc19leHAyLHBlcmZfdmlkZW9fY29udHJvbDJfMTBwCg0QKyEAAAAAAABdQDAECg0QAyEAAACamb-bQDAECg0QCiEAAAAAzMz0PzAECg0QDSEAAAAAAAAAADAECg0QHioHNzk2eDE5OTAECg0QGSoHNzk2eDE5OTAECg0QDiEAAAAAAAAAADAECg0QBCEAAADNzMabQDAECg0QDyEAAAAAAAAAADAECg0QKyEAAAAAAABeQDAECg0QBSEAAIAzM8ebQDAECg0QECEAAAAAgPHeQDAECg0QESEAAAAAAC7NQDAECg0QEiEAAAAAAAAUQDAECg0QEyEAAAAAAAAIQDAECg0QFyEAAIAzM2-dQDAEEhpDTC1jNk5QSjV2UUNGU2NDLVFBZFlrc080QSIPdGV4dC9tYWduZXRvX3Y1KAQ=
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/4c162666b480f9d25b4d1657ab76b19c.js?tag=pingback
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:28 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame ABED
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766573&bpp=1&bdt=295&idt=463&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=SDdx8B8AWf&p=https%3A//www.aiupnow.com&dtd=467
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:29 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:29 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:29 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
pagead2.googlesyndication.com/bg/ Frame 65E1 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=1202543000&adf=1574894575&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766573&bpp=1&bdt=295&idt=463&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=1669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=3&fsb=1&xpc=SDdx8B8AWf&p=https%3A//www.aiupnow.com&dtd=467
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:36:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
772
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13555
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 19:36:36 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame C9F7
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766575&bpp=1&bdt=297&idt=564&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3067&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=tPJEadH44t&p=https%3A//www.aiupnow.com&dtd=568
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:29 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:29 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:29 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
subscribe_embed
www.youtube.com/ Frame 1B0C 		604 B
295 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=profile/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4abb23884b99c6c53b604e219691758287c52cf81e28b0e90b665fd1b215a5b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 15 Dec 2021 19:49:29 GMT
strict-transport-security
max-age=31536000
cross-origin-opener-policy-report-only
same-origin; report-to="ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"
report-to
{"group":"ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"}]}
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
content-encoding
br
server
ESF
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
border_3.gif
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 		43 B
65 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/border_3.gif
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c8de81a1acb5f3788959ecc04eaa6526d5bdb29991157cecbef71042268c0374
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 05:44:54 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
50674
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/gif
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 15 Dec 2022 05:44:54 GMT
bubbleSprite_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 		318 B
341 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleSprite_3.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
232334d177f358c07f8271994e6fc0c018abfce7c8910deb604de1440d741c45
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 05:32:36 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
51412
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
318
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 15 Dec 2022 05:32:36 GMT
bubbleDropR_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 		116 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleDropR_3.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6c7884164b248cb8d87de9edf64dc810e5753bb8ec0cd015800d7f39e08371c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 20:12:54 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
84994
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
116
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 14 Dec 2022 20:12:54 GMT
bubbleDropB_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 		117 B
140 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleDropB_3.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
984601230d8cbfe18370425e8e897037cc1a7adf831a691a9ede573cf44479d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 16:04:39 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
13489
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
117
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 15 Dec 2022 16:04:39 GMT
spacer.gif
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 		43 B
65 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/spacer.gif
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 11:23:48 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
116740
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/gif
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 14 Dec 2022 11:23:48 GMT
EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
pagead2.googlesyndication.com/bg/ Frame A7E3 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=600&slotname=7895522530&adk=850359815&adf=2527300461&pi=t.ma~as.7895522530&w=300&lmt=1639580699&psa=0&format=300x600&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766575&bpp=1&bdt=297&idt=564&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199%2C250x250%2C250x250&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3067&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=tPJEadH44t&p=https%3A//www.aiupnow.com&dtd=568
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:36:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
773
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13555
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 19:36:36 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 242A
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766449&bpp=1&bdt=171&idt=202&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yrheaW2R69&p=https%3A//www.aiupnow.com&dtd=209
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:29 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:29 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:29 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
482830803_mp4_h264_aac_l2.ts
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vNlYGdwd1tCKHcQd2QJkuThuvBcgwL_ATFAR_cvNG5wID6osbCYPmaSPeGLaK9WY4)/frag(1)/video/308/038/ Frame 9407 		48 KB
49 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vNlYGdwd1tCKHcQd2QJkuThuvBcgwL_ATFAR_cvNG5wID6osbCYPmaSPeGLaK9WY4)/frag(1)/video/308/038/482830803_mp4_h264_aac_l2.ts
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
a9ea70e468a1ea49c3e1fe1d7181aeeb1f66d6d9af315a8fb19525e1a989b2fb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:29 GMT
Last-Modified
Mon, 22 Feb 2021 11:04:33 GMT
Server
lumberjack/2.4.24-2.4.24
Access-Control-Max-Age
600
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, public
Accept-Ranges
bytes
Content-Length
49632
Expires
Thu, 16 Dec 2021 19:49:29 GMT
EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
pagead2.googlesyndication.com/bg/ Frame F945 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=90&slotname=4147849215&adk=2269704460&adf=3847043193&pi=t.ma~as.4147849215&w=728&lmt=1639580699&psa=0&format=728x90&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766449&bpp=1&bdt=171&idt=202&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=386&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yrheaW2R69&p=https%3A//www.aiupnow.com&dtd=209
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:36:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
773
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13555
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 19:36:36 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame D9F0
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766526&bpp=4&bdt=248&idt=419&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=08EpsWnfa3&p=https%3A//www.aiupnow.com&dtd=428
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:29 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:29 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:29 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
pagead2.googlesyndication.com/bg/ Frame 3F99 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=906162475&adf=3707566652&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766526&bpp=4&bdt=248&idt=419&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Df86b702828c79449-224155e707cd009a%3AT%3D1639597766%3ART%3D1639597766%3AS%3DALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90%2C796x199&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=768&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=08EpsWnfa3&p=https%3A//www.aiupnow.com&dtd=428
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:36:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
773
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13555
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 19:36:36 GMT
26fa9103-34aa-4d07-9328-342207060ff3
https://www.dailymotion.com/ Frame 9407 		65 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.dailymotion.com/26fa9103-34aa-4d07-9328-342207060ff3
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b17de2bb097917f12756ebb689a9cdcdf47a46ca5df26ea2b27b6620452ea6a7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Length
66540
Content-Type
text/javascript
recommendations.10022a97346f1c6e3798931bbd8e4bb5.css
c.disquscdn.com/next/recommendations/styles/ Frame DAB4 		14 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/styles/recommendations.10022a97346f1c6e3798931bbd8e4bb5.css
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:7a00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
3eee15d11eb29b6f2258cabfeeca39b3b900a7cae96fc7919b27789f3470b9f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 18 Oct 2021 21:23:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5005564
x-cache
Hit from cloudfront
content-length
2978
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 18 Oct 2021 21:05:37 GMT
server
nginx
etag
"616de1a1-ba2"
content-type
text/css; charset=utf-8
via
1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
expires
Tue, 18 Oct 2022 21:23:25 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
cR-tpW9ASzhMsJYFMtZPg9Xprr1wmSD6p-RDMLDbkzveUMwLlO5jTQ==
x-cache-hits
0
482830803_mp4_h264_aac_ld.m3u8
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/video/308/038/ Frame 9407 		17 KB
927 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/video/308/038/482830803_mp4_h264_aac_ld.m3u8
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
70d75a0c59e0e1d2bc3a34351eff20d5826e419847a0c1f9312bfc09a02e9a1d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:29 GMT
Content-Encoding
gzip
Last-Modified
Mon, 22 Feb 2021 11:04:31 GMT
Server
lumberjack/2.4.24-2.4.24
Access-Control-Max-Age
600
Content-Type
application/vnd.apple.mpegurl
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, public
Accept-Ranges
bytes
Content-Length
540
Expires
Thu, 16 Dec 2021 19:49:29 GMT
details
disqus.com/api/3.0/forums/ Frame C2BF 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://disqus.com/api/3.0/forums/details?forum=sigma2&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2c6b79d89717789efa98627852ecedcd6d1243e461e716ff5ee69f2bf31e48aa
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:29 GMT
X-Content-Type-Options
nosniff
Server
nginx
Age
26
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Type
application/json
Vary
Origin, Cookie
Content-Length
3067
X-XSS-Protection
1; mode=block
recommendations.bundle.926bc472e4859a48daa346b4ba2ab4f4.js
c.disquscdn.com/next/recommendations/ Frame DAB4 		65 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/recommendations.bundle.926bc472e4859a48daa346b4ba2ab4f4.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:7a00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
dbffe4825c6ba1f19ff48607381ad4384b0609b64998830502c130f00abe887d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 20:25:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5613826
x-cache
Hit from cloudfront
content-length
20244
x-xss-protection
1; mode=block
x-served-by
static-web-1
access-control-allow-origin
*
surrogate-key
next
last-modified
Mon, 11 Oct 2021 20:15:56 GMT
server
nginx
etag
"61649b7c-4f14"
content-type
application/javascript; charset=utf-8
via
1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
expires
Tue, 11 Oct 2022 20:25:43 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
coSKvnNJkhn7EMuUwH2rn4VGLMBiZrZnDNbrXw8cZMf2OBAH7UyLKQ==
x-cache-hits
0
config.js
disqus.com/next/ Frame DAB4 		14 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://disqus.com/next/config.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ba5de2dd01708185a0cf0204bee10541293279f7ed8589422e930caab1c18d5d
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/recommendations/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:29 GMT
X-Content-Type-Options
nosniff
Content-Type
application/javascript; charset=UTF-8
Server
nginx
Age
53
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
14552
X-XSS-Protection
1; mode=block
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 3E70 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 01:54:06 GMT
x-content-type-options
nosniff
age
64523
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Dec 2022 01:54:06 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 3E70 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 05:33:18 GMT
x-content-type-options
nosniff
age
51371
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 15 Dec 2022 05:33:18 GMT
482830803_mp4_h264_aac_ld.ts
proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(1)/video/308/038/ Frame 9407 		142 KB
142 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://proxy-019.dc3.dailymotion.com/sec(IEbO6Z1LHuUskp709C0fWwyggt-DePegUjdCG5iGb2vG9D9kT6BXb1-WEWuHjPZY-ZCUA-NcqxkuEK0KjgJX_VUH5hepjJPx5DWumcMtXmQ)/frag(1)/video/308/038/482830803_mp4_h264_aac_ld.ts
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendors~hlsjs_stable.607603975ee410c63a10.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.126.236 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
proxy-019.dc3.dailymotion.com
Software
lumberjack/2.4.24-2.4.24 /
Resource Hash
67042b35a4c83e7d770bc7273e2a1d4f867911f1571807e65c5a2f94e3773f9e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:29 GMT
Last-Modified
Mon, 22 Feb 2021 11:04:31 GMT
Server
lumberjack/2.4.24-2.4.24
Access-Control-Max-Age
600
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400, public
Accept-Ranges
bytes
Content-Length
145512
Expires
Thu, 16 Dec 2021 19:49:29 GMT
css2
fonts.googleapis.com/ Frame 7ABA 		4 KB
634 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 18:24:39 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 15 Dec 2021 19:49:29 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 15 Dec 2021 19:49:29 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 7ABA 		205 B
229 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 14:48:41 GMT
x-content-type-options
nosniff
age
18048
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 15 Dec 2022 14:48:41 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 7ABA 		604 B
628 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 11:28:25 GMT
x-content-type-options
nosniff
age
30064
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
604
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 15 Dec 2022 11:28:25 GMT
interstitial_ad_frame_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame 7ABA 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/interstitial_ad_frame_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bc7731959f24eb86dc0127adfa88c91e71d68b5a0c958dae09aab1b34438256c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:17:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1930
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8346
x-xss-protection
0
server
cafe
etag
3177319193432224586
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:17:19 GMT
de974e0de653beaf8b7a147538108e14.js
www.gstatic.com/mysidia/ Frame 297E 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/de974e0de653beaf8b7a147538108e14.js?tag=client_fast_engine_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c9a70686ad065d96298301b1fe7daf4199a4e72348dd638330390f7763ae226b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 12 Dec 2021 15:16:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
275608
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3353
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 07:52:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Sat, 12 Mar 2022 15:16:01 GMT
ef71563f30928051bf5f5d97e506b840.js
www.gstatic.com/mysidia/ Frame 297E 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/ef71563f30928051bf5f5d97e506b840.js?tag=text/vanilla_highlight
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
63cb35133865eac473826f95c6a9d64ff1fa3da71403ea4f1981e5de9bcd69bd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 12 Dec 2021 18:24:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
264317
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3802
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 07:52:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Sat, 12 Mar 2022 18:24:12 GMT
css
fonts.googleapis.com/ Frame 297E 		3 KB
579 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 18:17:56 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 15 Dec 2021 19:49:29 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 15 Dec 2021 19:49:29 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 297E 		1 KB
885 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:48:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
56
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
853
x-xss-protection
0
server
cafe
etag
7170004918125193417
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:48:33 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 297E 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:47:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
94
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:47:55 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 297E 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
231
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:38 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 297E 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 15 Dec 2021 19:49:29 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 297E 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
247
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:22 GMT
6d065ef8aad4e53a06604e1059b7b7b3.js
www.gstatic.com/mysidia/ Frame 297E 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 12 Dec 2021 14:47:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
277317
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11408
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 07:52:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Sat, 12 Mar 2022 14:47:32 GMT
www-subscribe-embed-card_v0.css
www.youtube.com/s/subscriptions/subscribe_embed/css/ Frame 1B0C 		9 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed-card_v0.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fff7b5b76321e4080e4cf8a5b312d74a943b7ebc2aec9081ac7e17458123fcb2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 10:01:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
467291
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2447
x-xss-protection
0
last-modified
Wed, 25 Nov 2020 01:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 10 Dec 2022 10:01:18 GMT
www-subscribe-embed-card_v0.js
www.youtube.com/s/subscriptions/subscribe_embed/js/ Frame 1B0C 		149 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed-card_v0.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1485460341dd7acce60bbff4b235101869025328e39f205fea7c0ea0f4b23ac6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/subscribe_embed?action_card=1&channelid=UC67hmyuSwjdLKHGnMR1Qe2Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 10:01:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
467291
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44975
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 21:45:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 10 Dec 2022 10:01:18 GMT
/
pebed.dm-event.net/ Frame 9407 		15 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
de-DE,de;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

Date
Wed, 15 Dec 2021 19:49:29 GMT
Server
edward-ed/2.2.1
Access-Control-Max-Age
604800
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length
15
/
pebed.dm-event.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
604800
Server
edward-ed/2.2.1
Date
Wed, 15 Dec 2021 19:49:29 GMT
Content-Length
0
activeview
pagead2.googlesyndication.com/pcs/ Frame DD2D 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuZFsWyfysrGK0kLZv_dVbV0JDF324bqAwrWEZyIwYEOWETLGT4CpHuL1_VN2G8mInGfyZFioA5O7Xy5v0_lzmWF5V1t8a1q6UM0CoRb5yq8TRgx_2Bew&sai=AMfl-YRADScpWZk3kUWrtpw3UwMZ8b5_vntLQ7_WtVj_bi3dRRQSnw36BqEsYx3zhjqvoVcq327PYjdSVEhhIp6o0meWZ50AEB6Y__KKQ-iCNbZ9NRk1wm0ebdquyFi9&sig=Cg0ArKJSzCk7k3F_fu5MEAE&cid=CAASPeRoWvQ6ykp8MuO-ju4ko97RFwVSv1aYA28Uf9ZorZ48AvuFmHJ-1P7RVZKZm9OhObohcC9FdA6IkZUwmuM&id=lidar2&mcvt=1101&p=0,0,208,250&mtos=1101,1101,1101,1101,1101&tos=1101,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=906162475&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639597766956&rpt=1432&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ Frame 1B0C 		125 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed-card_v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c92084dec60847faa5d1719a8b8c238bf82f3f1ca97a8474acd3c67e3aed419
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 12 Dec 2021 22:38:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
249072
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41862
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Mon, 12 Dec 2022 22:38:17 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 37B0
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766471&bpp=2&bdt=193&idt=433&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=NgnToCu2Ou&p=https%3A//www.aiupnow.com&dtd=437
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:29 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:29 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:29 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
pagead2.googlesyndication.com/bg/ Frame CE8F 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=199&slotname=2753253361&adk=2690295274&adf=1186251620&pi=t.ma~as.2753253361&w=796&fwrn=4&lmt=1639580699&rafmt=11&psa=0&format=796x199&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766471&bpp=2&bdt=193&idt=433&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C250x250%2C728x90%2C0x0%2C728x90&nras=1&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2072&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=NgnToCu2Ou&p=https%3A//www.aiupnow.com&dtd=437
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:36:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
773
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13555
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 19:36:36 GMT
noavatar92.png
a.disquscdn.com/1638827995/images/ Frame C2BF 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.disquscdn.com/1638827995/images/noavatar92.png
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.198.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
x-content-type-options
nosniff
last-modified
Fri, 26 Feb 2021 20:50:09 GMT
server
nginx
age
681328
etag
"60395f01-66c"
strict-transport-security
max-age=300; includeSubdomains
content-type
image/png
x-xss-protection
1; mode=block
cache-control
max-age=2592000
cross-origin-resource-policy
cross-origin
x-amz-cf-pop
FRA50-C1
content-length
1644
x-amz-cf-id
nV96ofIijb2pd0J7e4OQeo5uUhUj3seFKOcAIYB-3cvkwe0eUw8OtQ==
expires
Thu, 06 Jan 2022 22:34:02 GMT
truncated
/ Frame C2BF 		37 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/gif
k0mtnwaPiJWk8CavAZCSyiiuy4U.js
snd.click/cdn-cgi/apps/head/ Frame 10D1 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/cdn-cgi/apps/head/k0mtnwaPiJWk8CavAZCSyiiuy4U.js
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9f21406615f1546dd9ced7d75db04dffb75609a92a35f835405784c78119447

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
105749
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
4NK6APFKZ739DNNG
x-amz-id-2
a3E7NTaPlfXGPcuU0pr28SnyHkST26ETOctbNyQ0eTkL5N5twNDgJG9Doa8OklzLFDNwLBGXxBM=
last-modified
Mon, 21 Oct 2019 15:01:53 GMT
server
cloudflare
etag
W/"7031c38f280b4d0118a771a4d493828b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s%2F5FEPK1Q9f5oFVN0A79W76%2FC8eXNaW6mhlrAs4GC9n065Ii%2FzvZxGRA%2FLdrBy6fFQCTGFlITI09PlD92e4WVCw%2Blpj9bbDPFOQI4H1RYVxfxooI3uuw8yecfcIoZSGwbR9%2BCOHoDKw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
6YU3RAlWGj1iJUnxcHmzNeblwGRVBezJ
cf-ray
6be2320c7f19f92f-MXP
css
fonts.googleapis.com/ Frame 10D1 		7 KB
748 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Ubuntu|Open+Sans:400,600
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2d5cf55fc7fb9816c5b7543e469706d77fdfa681df626c471e44b08fbf0cb9fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 19:49:29 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 15 Dec 2021 19:49:29 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 15 Dec 2021 19:49:29 GMT
bootstrap.min.css
snd.click/frameworks/bootstrap/css/ Frame 10D1 		152 KB
24 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://snd.click/frameworks/bootstrap/css/bootstrap.min.css
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 13 May 2021 13:25:00 GMT
server
cloudflare
age
105750
etag
W/"609d28ac-2606e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K0UpL5jR4twZz05qyeY29D%2FVTnw5jpuF9dUfAg1KE33S5pH6n2pwqs%2BWKE4WvC7WEhkkMIf444LdBupWu194O07cGlFoXZGywG%2FeDAtNRSd9iBj2nYGCJ4PG7Gxu2aAYfTOnq3CQL%2Bc%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be2320c7f17f92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
style.min.css
snd.click/landing/css/ Frame 10D1 		9 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/css/style.min.css?id=cecc8f3ce54a139a39cf
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5cf34d605f353037a0ab53e0d1abfe48d1c54263e5e763c23366e77d45960bfa

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Mon, 25 Oct 2021 13:56:45 GMT
server
cloudflare
etag
W/"6176b79d-2326"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bT7TSyZA4PKxddBMVyit21ftdQZL1rwyd3Ht9tLWn4SnX8QSxNV0XNpkPWlMAsvsqSDDILtoP%2FuPMSgzIkMXAicS8rqrArk%2FuEA7T5Z3rlZD%2FqYTFDRHoWFvEGKeZBgG%2FZ3VGn0G8jI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be2320c7f15f92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
play.png
snd.click/landing/img/ Frame 10D1 		51 KB
52 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/landing/img/play.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
07820f0ee3e5c253462bade268025f7712fdf14c0821fdaeb25040791fca9e4d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
73
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
52519
last-modified
Tue, 11 Jun 2019 11:54:48 GMT
server
cloudflare
etag
"5cff9688-cd27"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OLcGM3NHaAmkgdj2Qf6FJYiAsYi8DfppPNxfKHWqwJeJqBhSGGkmRk%2FrLoVZuKGk4Ynpm3VAIVxxa4Is7bN6lNFgViWg7T5btbwbWNqDGghIGnyPZEaWtg9%2BTO9yunTzHR4MkMVtX5w%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be2320d78f5f92f-MXP
1000x1000bb.jpeg
is5-ssl.mzstatic.com/image/thumb/Music124/v4/f3/53/13/f3531334-66a6-a46c-9a24-d109879e0400/8445490162586.jpg/ Frame 10D1 		212 KB
214 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://is5-ssl.mzstatic.com/image/thumb/Music124/v4/f3/53/13/f3531334-66a6-a46c-9a24-d109879e0400/8445490162586.jpg/1000x1000bb.jpeg
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:2a0::2a1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
ATS/9.0.3 /
Resource Hash
e89c1da385be36ce801884d3609d7339ed0a608898520cc43a31334a8ab5535d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-apple-jingle-correlation-key
RSJGQXJXPHH5CRL5G7RF6K4THA
strict-transport-security
max-age=31536000; includeSubDomains
etag
"MSwxLjE3LjMtMjFMLDIwRTI0MSwxNjM2MjI0MTEzNDk4LGlzQnVpbGRWZXJzaW9uTm90U2V0LDUxMDE0LG5vRWZmZWN0"
x-b3-traceid
8c92685d3779cfd1457d37e25f2b9338
x-daiquiri-instance
daiquiri:13624002:mr85p00it-hyhk03094901:7987:21RELEASE176:daiquiri-amp-processing-shared-int-001-mr
x-apple-request-uuid
8c92685d-3779-cfd1-457d-37e25f2b9338
b3
8c92685d3779cfd1457d37e25f2b9338-2cd69c16fe368b9d
content-length
217382
server
ATS/9.0.3
x-cache
TCP_MISS from a2-16-186-228.deploy.akamaitechnologies.com (AkamaiGHost/10.4.6-37171458) (-)
apple-tk
false
last-modified
Sat, 06 Nov 2021 18:41:53 GMT
x-cache-remote
TCP_HIT from a2-16-186-167.deploy.akamaitechnologies.com (AkamaiGHost/10.4.6-37171458) (-)
apple-seq
0.0
date
Wed, 15 Dec 2021 19:49:29 GMT
apple-originating-system
UnknownOriginatingSystem
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Type,ETag,Cache-Control,Expires,Last-Modified
cache-control
no-transform, max-age=12568018
x-b3-spanid
2cd69c16fe368b9d
cdnuuid
e4083fa9-39a4-4a8c-a32c-03606a4b278a-641434754
9_1560249795_youtube.png
snd.click/storage/platforms/ Frame 10D1 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/9_1560249795_youtube.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29fe732a3a3512aedec5358e02eee2156a1b783cbc27ac7ed3a023c0b8cf507f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
95023
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
8256
last-modified
Tue, 11 Jun 2019 10:43:15 GMT
server
cloudflare
etag
"5cff85c3-2040"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kz6FeVCWvnn1gEHKbv54493C1%2BPOlqWq1KbSvheZ8w0pMcCRBJdQvVuhVbJuRPdJFb%2F2HusyubIAevPiMIompEsHZillrOq3mn9sVE%2BOPe9hZOrdcCkrvZiG50OY19HQt0uFn%2BHktwc%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be2320d8911f92f-MXP
6_1629198382_spotify.png
snd.click/storage/platforms/ Frame 10D1 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/6_1629198382_spotify.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf2b259176d1712ca42f68767b3dc61a2a2385fbb48ba3a7e5b587910e50d642

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
99803
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
5041
last-modified
Tue, 17 Aug 2021 11:06:22 GMT
server
cloudflare
etag
"611b982e-13b1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kHw%2BtrbvvVAY4cFyS9A%2FfSs4stkR2r2FZTH0kkCxbbXUYEsNeVtMqXrWJVqEazFyd7cvLk3PtWi3XoI4FGvll93Y4sX16CK0BspYiDPRqx%2FeE9Mmbh4i1U2eEKX58TXWmRXaWs5DiE4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be2320d8912f92f-MXP
11_1619597220_apple_music_logo.png
snd.click/storage/platforms/ Frame 10D1 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/11_1619597220_apple_music_logo.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7fc9e14f36c6590ef42bc2eec54e925cf573a2656de164817ba40c67bc71a5e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
last-modified
Wed, 28 Apr 2021 08:07:00 GMT
server
cloudflare
etag
"608917a4-17d4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kkCV8JMxHvuei3cyzfnHmVIlGl68JApNzEa5qcZ4cthZo4potFpc3lsNeLNSOahUu4jy7lzlfUPUnanrw%2F3GaxiJKTYUSNkTpDlmlhtomkOuqDH%2BA%2BQRv1%2BjGXisTPmRLJOYTDFxKgU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be2320d8913f92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6100
19_1629199063_pandora.png
snd.click/storage/platforms/ Frame 10D1 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/19_1629199063_pandora.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c90b7e832a212a6390a5ec8c2c1161bda9375fb414ad87bfea2e282d2284be79

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
last-modified
Tue, 17 Aug 2021 11:17:43 GMT
server
cloudflare
etag
"611b9ad7-bf6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hrjcwqLdv9pn1ir%2FRrT0GDpH1HDIboI6KZVoozrcRo62soJMNrfAINQ8%2FDFZJMn4htt3QjiP9W%2FalXgHKPfQvAQb2c9R93mF0p9xfVdSX2Ep%2FLr9rXjltex5zHu%2B0G2LOiCcyrPz6xI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be2320d8914f92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
3062
47_1629202649_qobuz.png
snd.click/storage/platforms/ Frame 10D1 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/47_1629202649_qobuz.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9222037993e442ba70d3b56378f359c8c37b8e2cadfb301735de27bd0ea24635

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
last-modified
Tue, 17 Aug 2021 12:17:29 GMT
server
cloudflare
etag
"611ba8d9-1a44"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c9ecgByCer3r%2Bi%2FORHB%2Fvx33fC5AGtynDvhKv4VjcBY54WRzixcbTr0bp4Yz4bv33OhcVnZSNGaHnwZ3hAyzoeWFxf3GpfHpZZvUSE5XuFMTLy5oZX%2F8emtHMl%2BoGBGs0X1iKnp9C5Q%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be2320d8917f92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6724
12_1629198849_deezer.png
snd.click/storage/platforms/ Frame 10D1 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/12_1629198849_deezer.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa0d1383cd6184c9654b458ceb23a3ad8c700d98cab32478b805e385efd97af0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
last-modified
Tue, 17 Aug 2021 11:14:09 GMT
server
cloudflare
etag
"611b9a01-1cfb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jxeyV%2BGT4tEk%2F9XiSDV8VcBAJFYwH7LTmtzyyfuhGsV3l%2BYaAk9yPkvr%2BroW1cn4XYQzDFXH1QrGroS4LqRZE%2BAZgLjLw8c9SDswDYHniSpl%2BdqcGQ9yQnNqMk%2Fsir8W2ZQMFpvjFx4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be2320d8919f92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
7419
8_1560250345_soundcloud.png
snd.click/storage/platforms/ Frame 10D1 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/8_1560250345_soundcloud.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8559b7e5e86976ac2b43d84dca46f5710852e2e1c50d5fdce5fd532efcb2154e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
73
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
5510
last-modified
Tue, 11 Jun 2019 10:52:25 GMT
server
cloudflare
etag
"5cff87e9-1586"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TQl%2BM0C89RRILktxf%2FKTqclmd%2Bg3F%2BoGbz1%2FNyK%2BkMiYLsr27ESr7a1hb8498YYsWFqeRtqcBy664WIsmk%2FYF1G1j6cyirK0kCb%2FAY7dlo5xYMDvKOl0b%2FBzFNhpaiEtt1eEXj6bRuk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be2320d892af92f-MXP
16_1560252521_tidal.png
snd.click/storage/platforms/ Frame 10D1 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/16_1560252521_tidal.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4476c31489084f057d971484ea8337d294bdce33db840a204e800da4e37ebe1d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
99803
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
4664
last-modified
Tue, 11 Jun 2019 11:28:41 GMT
server
cloudflare
etag
"5cff9069-1238"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sd%2BflUbU0Q6ZnJGbyKTKrDszPDwzKMUlbAZ%2Fgvf0uH%2Bf2s9%2BSPPnZiQht8cQXlrxpYz6zGimHLHdU4kP%2BuOESvy8mo9ZqeCOZ4evV83GShE4OYgf54wuRdhn8pw%2FbpeOHPD7cucHYbo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be2320d892df92f-MXP
17_1560253092_napster.png
snd.click/storage/platforms/ Frame 10D1 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/17_1560253092_napster.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ec2fc40578b5d3c7c8ac12187d460fbde0d2775e48091c1363e4fac43f99a0b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
last-modified
Tue, 11 Jun 2019 11:38:12 GMT
server
cloudflare
etag
"5cff92a4-2108"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mk9TYGEPCNPE11TmGR3OxAdu%2FoAAkFyCgD2aswzkjV0ZK4CO4BIrQSQGmKhzwhdPfccFiE7%2BmTtvE10BkmiNPcR%2B2lRKT%2Bj1wCMF%2Fr5wAF13amKAPDQpcgclrl1Ty3Xmy%2Bk9yQfmN8w%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be2320d8930f92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
8456
31_1629200927_iheart.png
snd.click/storage/platforms/ Frame 10D1 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/31_1629200927_iheart.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32c8ec967ccde3b64e5317b356d5ca6ac6a0b39ba32f6de2f8c3b1a4e38c2574

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
last-modified
Tue, 17 Aug 2021 11:48:47 GMT
server
cloudflare
etag
"611ba21f-1354"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pQWkuJnDHCHHpmEDOKLvmkVStwv27gwrrunNokt%2FaH%2B29KQyHIfMKKWnuiBnH8XXSidu9xKC4G%2Fk6nuArwLqz1DReqovXHmK3G1ZvcFgOo3T%2FU1lR9zLxWI1FGYmJD40k29umpWuZJg%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be2320d8932f92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
4948
118_1617886201_amazon_music_alt_black.png
snd.click/storage/platforms/ Frame 10D1 		41 KB
41 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/118_1617886201_amazon_music_alt_black.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
884bab512acc3235af224271f85a9030fd7461211c697519808bcb7702c1a091

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
last-modified
Thu, 08 Apr 2021 12:50:01 GMT
server
cloudflare
etag
"606efbf9-a3a1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zlXjNY%2BnUCMSxtFNZ0SQZukUzh%2BE4sjE3lP4fxG7FcJQ4o37j1l6fcV9ngAhCXc8X0qx3JfDVPJgFHa8zGBwHhnJhp0xBWyx3bbneDdY%2FXKtiiKrzNajKCXUH%2FDTE44aQUFEb1NsuMM%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be2320d8934f92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
41889
54_1597838664_yt_music.png
snd.click/storage/platforms/ Frame 10D1 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/54_1597838664_yt_music.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
871f64d89795838c773a27fb668e45b3e494fb3c24758cfcca6934f305f0db72

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
last-modified
Wed, 19 Aug 2020 12:04:24 GMT
server
cloudflare
etag
"5f3d1548-1ac4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SRY0fF%2FK%2Fjgc%2BjAex%2BsOOedN2gQ2r%2BAGXQ6%2FLLNKidjqwxF6xu8c1WdDclBoA%2BRB2YU9KDMyFH67QOY0VLm6JsOKnPP6u5JD%2B0h4uydLyDi0QEtFVMmDl5GGppLq1dlKAHaJueSWoXE%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be2320d8938f92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6852
24_1560252942_audiomack.png
snd.click/storage/platforms/ Frame 10D1 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/24_1560252942_audiomack.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
654fbcbda47c2aa67f212492935f5f7ac35cb0a0ce269ac8ba0ee283c4afb691

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
last-modified
Tue, 11 Jun 2019 11:35:42 GMT
server
cloudflare
etag
"5cff920e-12ef"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9r0mZWzoLXE1P2guJzFkmFPmurV8Gmd7SDSdFkES%2FeTPbhQ%2Fy03nNGN6JnQS3akCqLz8aqFpBgT9LvX0qjZkrWOF%2FyICElEK%2FAnZV08q52UItieUii6d6EjU%2BC5le0y8rluxVWQ6Fas%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be2320d893af92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
4847
42_1551453680_awa.png
snd.click/storage/platforms/ Frame 10D1 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/42_1551453680_awa.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9379a60c9161c83f5075dec933369e78b3be0d8c3b7827ceda7d7a038ee62ce9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
last-modified
Fri, 01 Mar 2019 15:21:20 GMT
server
cloudflare
etag
"5c794df0-b2a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aakNFzuTSYxwHOSFr37AfrmyYY34fp%2By%2FnpAQoN4ZS%2FUnU2%2BGwzZM37k3uQQF1dfiFqvNxITogi1GcyuL2dH%2FBe%2F4TSdZufW2PHkZ3S3fRt5m8bNJ03VDPi%2BxdVQVG7sMTeymFePFFc%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be2320d893cf92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
2858
33_1629201073_anghami.png
snd.click/storage/platforms/ Frame 10D1 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/33_1629201073_anghami.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1a75ea27451c167b4bd5b2b9ba97f4ec7d1bcb3bf5e4725e41ff35cee1b4ffe

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
last-modified
Tue, 17 Aug 2021 11:51:13 GMT
server
cloudflare
etag
"611ba2b1-1866"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0sKHPbAIv55JKii%2Fweq5S8t7bJSA%2FZiYDP9SnWsYSgOtsXEij3WSf7YhtoOZLDCpiEl9skcHlRhvxIGLonck%2Fwz0Bs02YNA4vrZSgR7mW9FH3KnFSwKVk7bENixgugtOfgIaspy1Sxk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be2320d893ef92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6246
35_1629201159_jiosaavn.png
snd.click/storage/platforms/ Frame 10D1 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/35_1629201159_jiosaavn.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95b41ba92728e08797cd85b6f9683afbe13d450d1b3213358c48ac18d242846a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
last-modified
Tue, 17 Aug 2021 11:52:39 GMT
server
cloudflare
etag
"611ba307-1c18"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fq%2FXFoOsQJvrBjlc4FAeKZUzK9fbIqUD%2FgsChwHbLNOqZl7dMlBP8H8uGVn%2BpFN24uaKcON53f5UKKymQjv3sxqpzCvCvrheji%2Fi90yCApBhAwkdRSZ5fcZ9IeCx%2BQI%2Byq%2F%2BDwFNuXk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be2320d8943f92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
7192
94_1583854462_wynk.png
snd.click/storage/platforms/ Frame 10D1 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/94_1583854462_wynk.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3bbd1c0c28ea0f2af4254c62d76b86321cecfd45a3cea933d29b37fb53ba6e28

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
last-modified
Tue, 10 Mar 2020 15:34:22 GMT
server
cloudflare
etag
"5e67b37e-10c6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KHRsknR6GBkk0VngAFmkljbPNbkfQ%2FviCUv70CxKHu6Pq0Ba%2FNRyiIfh0xcVjbCqe0%2BoXRjrzch8AWU17XDQOP43c6Xsg5vWipc4kj5sq4CRphSsRnsgjNmQ3wnoRA3MTBWORmrNwk0%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be2320d8945f92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
4294
logo_itunes.svg
snd.click/landing/img/ Frame 10D1 		14 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/landing/img/logo_itunes.svg
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d44b6e4f9164860ac419ab1e15cdd2aa55d8117b8fdee7b2545d1b4fe0704c55

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 22 Apr 2020 13:50:49 GMT
server
cloudflare
age
99803
etag
W/"5ea04bb9-37e5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XPmpeBWwVOsKH4Q3w%2BNwXgF7nTaBG9DlBZzdqXryt5ntvR0W6oa64QFvWF%2BQ%2FbjVepa%2FWYxwU7ZArrypM2aXIXntE9B5bdd7lVqv2HxhuhbojepSe9Weiy74F4pkdgInFUG3RDB5IbU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be2320d8949f92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
25_1560246937_google_play.png
snd.click/storage/platforms/ Frame 10D1 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/25_1560246937_google_play.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a744f38c6ace34651866bf42eb7dd14df089cdbb70c95854e766eb9b41d2361

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
last-modified
Tue, 11 Jun 2019 09:55:37 GMT
server
cloudflare
etag
"5cff7a99-2d5c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=96D%2F4GL9k1LeUX5EPZaAf6%2B%2BTnu4GD9wfichNeCZiVFpwCZZ907zR1qTgPFvgupoa63iObhf5mvI4FagYEGqgdLrENtQoe9O0vZis%2FmSp9dHjiGgD%2FKkvQ5Tmt2j8hn7OjWUG93s%2F%2B8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be2320d894df92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
11612
20_1629199143_bandcamp.png
snd.click/storage/platforms/ Frame 10D1 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/20_1629199143_bandcamp.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67d410b3debb14b15512f904dc7d23856ae6389cdacffa8e8339027088719500

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:30 GMT
cf-cache-status
HIT
last-modified
Tue, 17 Aug 2021 11:19:03 GMT
server
cloudflare
etag
"611b9b27-1a02"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KoleS4YQCc1Qd50%2FVVTMpmgO1ktp2Yu89tBZz4qO2H7s7cdyu9lWw2HAmKoUaZ112zfxbWfx6fac%2BX%2BLDRVWbVmZ4WmdGz45xAnVoNCjYR1cC6Km%2FKOx31DAL4YfthbSUfUjd5oXrAY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6be2320d8951f92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6658
icn_spotify_64.png
snd.click/landing/img/icons/ Frame 10D1 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/landing/img/icons/icn_spotify_64.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fee9bee5192b952739299570f6f1d5880895edb6e518c14850651083c242fef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
32650
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
2797
last-modified
Tue, 11 Jun 2019 09:47:21 GMT
server
cloudflare
etag
"5cff78a9-aed"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MgGAy562y0Gj7xOC%2FB7fdGH9MSmHm8qylFeJdjxmuqIf8koM8z2u8wVZ00C8yKDiiqqRAqG1x0K7FFtyhEevqUmxoAvBhgZSoOuIH%2FUbTpNMcaHzjb%2FQ5aLjyHnLF9s5echM06%2BDyg0%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be2320d8953f92f-MXP
icn_deezer_64.png
snd.click/landing/img/icons/ Frame 10D1 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/landing/img/icons/icn_deezer_64.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1a32bc2f145aea8c098f09896ed081513a6f6fcb8adc1aecfdc2b43618393a7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
32650
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
3586
last-modified
Wed, 19 Aug 2020 06:47:48 GMT
server
cloudflare
etag
"5f3ccb14-e02"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o3VPJIm85zpwdB4UVzYLL8I%2BoLU1%2BAL9zKhs0lEr2VG71V8ozEeoXDRHeAkix0OSdXyjMFEjjn8sqxD73An5VWYNvUYwqyAUVREzv7gLDRh5jKVX%2FmF55cpJBg0pvHeREZSM%2FaNzbdw%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be2320d8957f92f-MXP
icn_apple_64.png
snd.click/landing/img/icons/ Frame 10D1 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/landing/img/icons/icn_apple_64.png
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d387f8955e673b6b83572bdd758e2b0be9da640de3fc2d83c2cb96dbf4c4037

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
32650
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
2981
last-modified
Wed, 22 Apr 2020 13:50:49 GMT
server
cloudflare
etag
"5ea04bb9-ba5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AJtT9VotmubMpMPRT9OCpY9JAtU2guyPBrw3JSJjrXplxTcaSrQwFYJPTGC6F8o8VMfzV7hJYEdfdRmXtAJvIJ%2B5kEhtC5jXl89qOAF7hOCO24WEd0nstmC7ovxeQ0uSTtWFOrzgM%2Fk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be2320d8959f92f-MXP
rocket-loader.min.js
snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ Frame 10D1 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 13 Dec 2021 14:30:56 GMT
server
cloudflare
etag
W/"61b75920-302c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H%2FLWHQo%2FG3hMAOGNhZsajaW%2F9Cr9htFxXztedKUYezMphHmU5pXylXuv%2F5RR93ZLVAdx%2Bmbdh%2FjzZh%2BHcMMscpf0%2BEIsVNPCfuRbA7fzdxJUJy50hAImWsl%2BT9GkedB1S71zlOuqK3Q%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=172800, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be2320d895cf92f-MXP
vary
Accept-Encoding
expires
Fri, 17 Dec 2021 19:49:29 GMT
53791720
mc.yandex.com/webvisor/ 		43 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/webvisor/53791720?wmode=0&wv-part=2&wv-hit=371238071&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rn=371476001&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1639597770%3Aw%3A1600x1200%3Av%3A720%3Az%3A0%3Ai%3A20211215194929%3Au%3A1639597767748546093%3Avf%3Aykcyjkqfph1z85b6in%3Awe%3A1%3Ast%3A1639597770&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:30 GMT
last-modified
Wed, 15-Dec-2021 19:49:30 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Wed, 15-Dec-2021 19:49:30 GMT
53791720
mc.yandex.com/webvisor/ 		43 B
176 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/webvisor/53791720?wmode=0&wv-part=1&wv-hit=371238071&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rn=266241415&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1639597770%3Aw%3A1600x1200%3Av%3A720%3Az%3A0%3Ai%3A20211215194929%3Au%3A1639597767748546093%3Avf%3Aykcyjkqfph1z85b6in%3Awe%3A1%3Ast%3A1639597770&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:29 GMT
last-modified
Wed, 15-Dec-2021 19:49:29 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Wed, 15-Dec-2021 19:49:29 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3E70 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=CgcIByoDd2ViCgcICCoDbHRyChsIASoXbWFnbmV0by1sYW5kc2NhcGUtc21hbGwKCggCKgZzZXJ2ZXIKMggEKi5teXNpZGlhX2FuYWx5dGljc19leHAyLHBlcmZfdmlkZW9fY29udHJvbDJfMTBwCg0QFCEAAAAAUDTwQDAECg0QFSEAAAAAAAAuQDAECg0QFiEAAAAAAAAUQDAECg0QGCEAAEAzM1akQDAECg0QMiEAAAAAODPTPzAECg0QMyEAAAAAODPTPzAECg0QNCEAAAAAODPTPzAECg0QNSEAAAAAODPTPzAECg0QNiEAAAAAODPTPzAECg0QNyEAAAAAODPTPzAECg0QOCEAAAAANDPzPzAECg0QOSEAAADNzDCMQDAECg0QOiEAAAA0M0uMQDAECg0QOyEAAAAAAG6dQDAECg0QPCEAAAAAAG6dQDAECg0QPSEAAIAzM2-dQDAECg0QPiEAAMCZmUqkQDAECg0QPyEAAMCZmUqkQDAECg0QQCEAAAAAAFqkQDAEEhpDTC1jNk5QSjV2UUNGU2NDLVFBZFlrc080QSIPdGV4dC9tYWduZXRvX3Y1KAQ=
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/4c162666b480f9d25b4d1657ab76b19c.js?tag=pingback
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
css
fonts.googleapis.com/ Frame 67DB 		3 KB
579 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 18:22:53 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 15 Dec 2021 19:49:29 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 15 Dec 2021 19:49:29 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 67DB 		1 KB
885 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:48:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
56
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
853
x-xss-protection
0
server
cafe
etag
7170004918125193417
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:48:33 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 67DB 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:47:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
94
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7876
x-xss-protection
0
server
cafe
etag
5333878705136318229
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:47:55 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 67DB 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
231
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:38 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 67DB 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37305
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1638461285297402"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 15 Dec 2021 19:49:29 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 67DB 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:45:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
247
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6464
x-xss-protection
0
server
cafe
etag
15715955993838318253
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 29 Dec 2021 19:45:22 GMT
6d065ef8aad4e53a06604e1059b7b7b3.js
www.gstatic.com/mysidia/ Frame 67DB 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 12 Dec 2021 14:47:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
277317
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11408
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 07:52:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Sat, 12 Mar 2022 14:47:32 GMT
realtime.b23ff3c36dd0169627f8e54ca1621eca.css
c.disquscdn.com/next/embed/styles/ Frame 9BB8 		337 B
839 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:7a00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 02 Nov 2021 19:05:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3717860
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
244
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 02 Nov 2021 18:16:01 GMT
server
nginx
etag
"61818061-f4"
content-type
text/css; charset=utf-8
via
1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
expires
Wed, 02 Nov 2022 19:05:09 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
FXcpPlJmqVw0dJMPeh9vXgZkEiD6ALkKYLH109SN0nomxvMAyLqv5Q==
x-cache-hits
0
realtime.b23ff3c36dd0169627f8e54ca1621eca.css
c.disquscdn.com/next/embed/styles/ Frame FF48 		337 B
838 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Requested by
Host: sigma2.disqus.com
URL: https://sigma2.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:7a00:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 02 Nov 2021 19:05:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3717860
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
244
x-xss-protection
1; mode=block
x-served-by
static-web-2
access-control-allow-origin
*
surrogate-key
next
last-modified
Tue, 02 Nov 2021 18:16:01 GMT
server
nginx
etag
"61818061-f4"
content-type
text/css; charset=utf-8
via
1.1 a10d58b5ce965502cc34c5b27682fe23.cloudfront.net (CloudFront)
expires
Wed, 02 Nov 2022 19:05:09 GMT
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
FRA2-C2
timing-allow-origin
*
x-amz-cf-id
WmPotTVfLGa9mSvtANU6RkohrxxLVl9QchXMtGwvEoTw_QQrMJhnhg==
x-cache-hits
0
details
disqus.com/api/3.0/forums/ Frame DAB4 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://disqus.com/api/3.0/forums/details?forum=sigma2&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2c6b79d89717789efa98627852ecedcd6d1243e461e716ff5ee69f2bf31e48aa
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://disqus.com/recommendations/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:29 GMT
X-Content-Type-Options
nosniff
Server
nginx
Age
26
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Type
application/json
Vary
Origin, Cookie
Content-Length
3067
X-XSS-Protection
1; mode=block
adview
googleads.g.doubleclick.net/pagead/ Frame 297E 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CBa2Cxka6Yf2DML2-1fAPzZ-P0ALfr__JZYDLsqq1DszSjp3-DhABIL305nBglfrwgYwHoAGuyarJA8gBAakCVKI2fd3gsj6oAwHIA8MEqgSWAk_QuKvA7oidJ-QQBX-A3CGXmeH6ubUzXFg2V1JNw8tIePlIMQc_TjtYbwQVqCwDn0LklNAjUiU_6z6OSMI4ijlW_X6n2LqCvOWxBMBRtoj6R1UF96gMkOUJMvW03bdWx_aLqcwazPAZcnRnCXxBpy5puK37T4yuyi72E3L7cLcCHZabWGfQ9C1ViUwU_i-_STm2jm_s2t2Rak7AFB-jLAuu_FYN-GUlBZ_FzPs_rjJK0j82DWTx0TLkT709suXdPSuarXL46LlNtvLx371jNar7QTwGL2F6ms8iJUP7qE0DFPZHwudQ86QgQwoabqzGOnF20l0023WqMs9_aGpyTHOekr8JpSQPBS87eG1L_agkMnrWCbzkwATph8zJ2gOSBQQIBBgBkgUECAUYBKAGZoAHurbVNqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEICfF9IICQiA4YBwEAEYH4AKAcgLAdgTDYgUAdAVAYAXAbIXHAoaCAASFHB1Yi0xMzQyMzQ3ODQzMzUxMzM4GAA&sigh=D56FxLkrpW0&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Wed, 15 Dec 2021 19:49:29 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
event.gif
referrer.disqus.com/juggler/ Frame C2BF 		43 B
339 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://referrer.disqus.com/juggler/event.gif?abe=1&embed_hidden=1&load_time=1113&event=init_embed&thread=8927097210&forum=sigma2&forum_id=526051&imp=8sl6hvh24raq1v&thread_slug=hackers_using_malicious_iis_server_module_to_steal_microsoft_exchange_credentials_cybersecurity&user_type=anon&referrer=https%3A%2F%2Fwww.aiupnow.com%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=true
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:29 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
s
googleads.g.doubleclick.net/pagead/drt/ Frame C3EA 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 15 Dec 2021 19:04:34 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
2695
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
js
www.googletagmanager.com/gtag/ Frame 10D1 		90 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-75423470-2
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/apps/head/k0mtnwaPiJWk8CavAZCSyiiuy4U.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e18d92df9fc040d6254b7adc505887e40ef5960ffb39ac32cf57ca47bff59604
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36227
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 18:18:32 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 15 Dec 2021 19:49:29 GMT
RyunFgoTt9A
www.youtube.com/embed/ Frame D957
Redirect Chain
  • https://youtube.com/embed//RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
  • https://youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
  • https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
60 KB
24 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Requested by
Host: snd.click
URL: https://snd.click/mjI0tjt?embed=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ded935a660b5a53e7d86872f98e633f254e83acd157e7cb86eb2eb7bb6b49a45
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/

Response headers

content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 15 Dec 2021 19:49:30 GMT
strict-transport-security
max-age=31536000
report-to
{"group":"ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"}]}
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only
same-origin; report-to="ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
content-encoding
br
server
ESF
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

content-type
application/binary
x-content-type-options
nosniff
expires
Wed, 15 Dec 2021 19:49:29 GMT
date
Wed, 15 Dec 2021 19:49:29 GMT
cache-control
private, max-age=31536000
location
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy-report-only
same-origin; report-to="ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to
{"group":"ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"}]}
server
ESF
content-length
0
x-xss-protection
0
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
4iCs6KVjbNBYlgoKfw72.woff2
fonts.gstatic.com/s/ubuntu/v15/ Frame 10D1 		33 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/ubuntu/v15/4iCs6KVjbNBYlgoKfw72.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu|Open+Sans:400,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4f4524f7e1a87079bc50a64681f880ccf3e6f5db1ec5fc27949377532a3881da
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://snd.click
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 11:14:45 GMT
x-content-type-options
nosniff
age
117284
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34260
x-xss-protection
0
last-modified
Thu, 10 Sep 2020 17:02:57 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 14 Dec 2022 11:14:45 GMT
listRecommendations.json
disqus.com/api/3.0/discovery/ Frame DAB4 		8 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://disqus.com/api/3.0/discovery/listRecommendations.json?forum=sigma2&thread=url%3Ahttps%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&limit=8&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.6c6defcc206edabe5048d82459ee0a0e.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
b3d9e60436d10a54b04fa0bede523a36ffc72dacbe2db27148aa08d9e55eec45
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://disqus.com/recommendations/?base=default&f=sigma2&t_u=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&t_d=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A&t_t=%0AHackers%20Using%20Malicious%20IIS%20Server%20Module%20to%20Steal%20Microsoft%20Exchange%20Credentials%20%23Cybersecurity%0A
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:29 GMT
X-Content-Type-Options
nosniff
Server
nginx
Age
22
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cache-Control
stale-while-revalidate=450, public, max-age=1800
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Type
application/json
Vary
Origin
Content-Length
7793
X-XSS-Protection
1; mode=block
s
googleads.g.doubleclick.net/pagead/drt/ Frame F860 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Wed, 15 Dec 2021 19:04:34 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
2695
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
activeview
pagead2.googlesyndication.com/pcs/ Frame 111B 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu2D6oJhwFMbfObSH-rPAwGcGgMAcKihk2JgdRST-6a80Giaf8q5FuMFX8lI0zSd3Vyi6QdUZilhOQ7WDD9H4NG-m8FWsMwCLOS1di-pIGSvrZKouzy9g&sai=AMfl-YTAoavTPXrBd8FDLtZJBdedt3dKvXKWFWAqExjLGrt91hyo5Kxwm8RMEfRfzv7B51LjNyzpv-g6-mm6&sig=Cg0ArKJSzAAdhLVtvqz4EAE&id=lidar2&mcvt=1006&p=0,0,90,728&mtos=1006,1006,1006,1006,1006&tos=1006,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=2269704460&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639597766660&rpt=2227&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame C3EA
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:30 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:30 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:29 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
pagead2.googlesyndication.com/bg/ Frame 0B7B 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:36:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
773
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13555
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 19:36:36 GMT
analytics.js
www.google-analytics.com/ Frame 10D1 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-75423470-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
875
date
Wed, 15 Dec 2021 19:34:54 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 15 Dec 2021 21:34:54 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame F860
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:30 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 15 Dec 2021 19:49:30 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Wed, 15 Dec 2021 19:49:30 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
landing.js
snd.click/landing/js/ Frame 10D1 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js/landing.js?id=a4d4ab09a2052e8cd0bc
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c811b52b159c35e96af4b1f0b999753162f21933e5e520e288de72dbd5a2018a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:30 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Thu, 24 Jun 2021 11:55:19 GMT
server
cloudflare
etag
W/"60d472a7-10aa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bzZIyToYVnOwARcp8YgZa2cD%2F0KBlA61F2CLtDEdwRi0RjNlruOMzuLnlZwEmV%2FKYSRoD8Ql585wCk6HHFnAd4rsf4wLbB5hzZhngrNzOknTMxWeEonyXJvr2sIcHumdCpCpfYJvd7c%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be2320e3a7af92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
jquery.jcarousellite.js
snd.click/landing/js/jcarousel/ Frame 10D1 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js/jcarousel/jquery.jcarousellite.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a5aa8749b707f73090c7fc4938f6452803ccfe09c30ff8ff5adbd6735b799e6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:30 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 09 Dec 2018 18:23:40 GMT
server
cloudflare
etag
W/"5c0d5dac-326e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JpT2lWn9IGNLkCn6QYhgs1ouxrtMokNvIkDFqn%2FlpnuWU8H80vFo8MjJskFhe7nA6WDiaIvrno7gTo60Prmx5GtpfVn3j2n2v1Qv819ohKXStcoGEijYuaQc1rBghJaVO%2F62ZELrUmQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be2320e4a83f92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
jquery.mousewheel-3.1.12.js
snd.click/landing/js/jcarousel/ Frame 10D1 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js/jcarousel/jquery.mousewheel-3.1.12.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac45e4c266a4fb5e7d49b00f4b3b9c53b70ccb5754d3a6d5cfc338ca3b98bd84

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:30 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 09 Dec 2018 18:23:40 GMT
server
cloudflare
etag
W/"5c0d5dac-204e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MTU5tfiI0r3y9QDhkDtfOEZTCG367xPC6YXzhH4aywmU%2FaSHROYO26qRjSolY7AWLMtzTc7FBjdjcMLr82tN7MwO%2FHmij8YWhFnDroXlNp%2BwcRjRyV9Cml3J6IEDzZjPUs%2BkcVQcK8M%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be2320e4a8cf92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
jquery.easing-1.3.js
snd.click/landing/js%7D/jcarousel/ Frame 10D1 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js%7D/jcarousel/jquery.easing-1.3.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:30 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zKys3nOU60gLkseVlLW1itt9HixuBwDu7OtqTdDlu8%2FPLlbxHRup1kOW9K%2BRGFNb73FBobuVoYuR1vFmzWyb%2FpVAZM9hjLBhSwH24PH2x00ZuDq1z7FjBvKHGdcn1t0LLjB2Nk7GQyY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
no-cache, private
cf-ray
6be2320e4a8ef92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires
-1
clipboard.min.js
snd.click/landing/js/ Frame 10D1 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js/clipboard.min.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99e1761c92764dcaeec33df3e1773160344cc4aa6b8ddaee0477372279a2c424

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 09 Dec 2018 18:23:40 GMT
server
cloudflare
age
99803
etag
W/"5c0d5dac-29a6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d6crHFzYSe%2F1PdC9qVwjOv55vXSerJDwVKSGQpfBqIVG5RKdoIwphY2smAG2h0kMmg1F%2FkS4%2BSMyRFsxg1x01512RAYuTHQqojOIprwDGBO9jVvbQa34fqIVdbAsaCpu7qIf%2F4qf%2Fpc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be2320e4a8ff92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
bootstrap.min.js
snd.click/frameworks/bootstrap/js/ Frame 10D1 		57 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/frameworks/bootstrap/js/bootstrap.min.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 13 May 2021 13:25:00 GMT
server
cloudflare
age
105747
etag
W/"609d28ac-e2d8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FIBYbk%2F%2BHJKqnR09SBLXYLMVh5rHel7zqmTiE8oC8S98Go1dUHfua6jt35%2FReNuwxEa44klunZagRjz6gUtDfr2JeCHGYHp0WJpSbCq0dkIGW00upCxj72YhS0gvQoJM0exEZITZdYw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be2320e4a92f92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ Frame 10D1 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:30 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
524211
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6157
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:15:37 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fa9-4af4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o98sJSTCHbstyWukS2ZlqtIu20bfJ2bFVSFOm4mXjE9CrylWg%2FxCmS1EmZed5ymGjPEICZnTbCJQsHsE4c0Vl6pTnYCEzGjl2T3vO2J8lgRcuXJPxglDvN%2B0C2Jis948egwTwdaqIM4bQ59PnWm%2F1J%2Bm"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6be2320ebc78374a-MXP
expires
Mon, 05 Dec 2022 19:49:30 GMT
musickit.js
js-cdn.music.apple.com/musickit/v1/ Frame 10D1 		230 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-cdn.music.apple.com/musickit/v1/musickit.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:285::1fcf Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
daiquiri/3.0.0 /
Resource Hash
638b07dda0f438a7f4c609bd114bedcc9c15b100133b8b8ebffc7fb85197bcb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-apple-jingle-correlation-key
C4LO2VII5O2DEU7UVQMM4M3NDY
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-responding-instance
silverbullet-external:3002:mr28p00it-ztdg08092301:8301:21REL8
x-daiquiri-instance
daiquiri:15887002:mr85p00it-hyhk04103901:7987:21RELEASE198:daiquiri-amp-all-shared-int-001-mr, daiquiri:18493001:mr85p00it-hyhk03154801:7987:21RELEASE198:daiquiri-amp-all-shared-ext-001-mr, daiquiri:18215001:mr85p00it-hyhk03094701:7987:21RELEASE198:daiquiri-amp-store-shared-ext-001-mr
x-apple-request-uuid
1716ed55-08eb-b432-53f4-ac18ce336d1e
content-length
54285
etag
"40b3884272568618861bbec2af9ac315"
apple-tk
false
last-modified
Thu, 9 Dec 2021 18:22:23 GMT
server
daiquiri/3.0.0
apple-seq
0.0
date
Wed, 15 Dec 2021 19:49:30 GMT
apple-originating-system
UnknownOriginatingSystem
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-transform, max-age=351
x-apple-version-number
2150.7.0
jquery-1.11.1.js
snd.click/landing/js/jcarousel/ Frame 10D1 		276 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:30 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 09 Dec 2018 18:23:40 GMT
server
cloudflare
etag
W/"5c0d5dac-4508e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6amACgVfDez5bF8NOa84t8FG9ZFWi%2BO9hJnYSSmlvDMXaVWIQuor%2Fe1Y2G%2B%2BrHJJvMJeF5gYCaZdI%2Bdpa2uQWd%2BqvTiLHnjqb9eLabP51yQ4SIlZBiinI4d9RRuTu%2Fddo2jvJuyAoB8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be2320e4a94f92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
pagead2.googlesyndication.com/bg/ Frame 84EE 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:36:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
773
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13555
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 19:36:36 GMT
stat.gif
referrer.disqus.com/juggler/ 		43 B
339 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://referrer.disqus.com/juggler/stat.gif?event=failed_recommendations.server.undefined
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:30 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx
Content-Type
image/gif
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
www-player-webp.css
www.youtube.com/s/player/204bfffb/ Frame D957 		337 KB
46 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/204bfffb/www-player-webp.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88a9ae6f4226f2a69171713a1a08bf670297ae4b2517d8df0d707a206b0bb5b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 18:00:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
92928
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47300
x-xss-protection
0
last-modified
Tue, 14 Dec 2021 01:04:25 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 14 Dec 2022 18:00:42 GMT
www-embed-player.js
www.youtube.com/s/player/204bfffb/www-embed-player.vflset/ Frame D957 		225 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/204bfffb/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4a9cf9fe55d2740f89e2bbbd96b47d2793948cb9480aae05f7db428b41e9d8dd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 18:00:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
92927
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
74767
x-xss-protection
0
last-modified
Tue, 14 Dec 2021 01:04:25 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 14 Dec 2022 18:00:43 GMT
base.js
www.youtube.com/s/player/204bfffb/player_ias.vflset/de_DE/ Frame D957 		2 MB
529 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/204bfffb/player_ias.vflset/de_DE/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8903986c927e122375ba7e0e972f366ae8c7104bf6f9fd4bccac2ada20949158
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 18:00:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
92926
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
541105
x-xss-protection
0
last-modified
Tue, 14 Dec 2021 01:04:25 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 14 Dec 2022 18:00:44 GMT
fetch-polyfill.js
www.youtube.com/s/player/204bfffb/fetch-polyfill.vflset/ Frame D957 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/204bfffb/fetch-polyfill.vflset/fetch-polyfill.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 18:00:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
92927
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2830
x-xss-protection
0
last-modified
Tue, 14 Dec 2021 01:04:25 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 14 Dec 2022 18:00:43 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame D957 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 11:18:05 GMT
x-content-type-options
nosniff
age
117085
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 14 Dec 2022 11:18:05 GMT
id
googleads.g.doubleclick.net/pagead/ Frame D957 		113 B
159 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/id
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/204bfffb/www-embed-player.vflset/www-embed-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6742fba4fb448488e05ec1443e5bd0ba27e9d9e58295c7e2871dc48f3caedd81
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
133
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad_status.js
static.doubleclick.net/instream/ Frame D957 		29 B
588 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/204bfffb/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:42:15 GMT
x-content-type-options
nosniff
age
435
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29
x-xss-protection
0
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 15 Dec 2021 19:57:15 GMT
X91DEWQIO8k93DoQiyzxLpOdvXUBhBD4UdpkLUEPiVw.js
www.google.com/js/th/ Frame D957 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/js/th/X91DEWQIO8k93DoQiyzxLpOdvXUBhBD4UdpkLUEPiVw.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/204bfffb/player_ias.vflset/de_DE/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fdd431164083bc93ddc3a108b2cf12e939dbd75018410f851da642d410f895c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sun, 12 Dec 2021 15:52:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
273421
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13448
x-xss-protection
0
last-modified
Mon, 29 Nov 2021 17:00:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 12 Dec 2022 15:52:29 GMT
embed.js
www.youtube.com/s/player/204bfffb/player_ias.vflset/de_DE/ Frame D957 		24 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/204bfffb/player_ias.vflset/de_DE/embed.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/204bfffb/player_ias.vflset/de_DE/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
550c9da427a76b05374a263e56f08ea0db57d7fd44f33abea68182afe165233f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Tue, 14 Dec 2021 18:00:45 GMT
content-encoding
br
x-content-type-options
nosniff
age
92925
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7354
x-xss-protection
0
last-modified
Tue, 14 Dec 2021 01:04:25 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 14 Dec 2022 18:00:45 GMT
generate_204
www.youtube.com/ Frame D957 		0
9 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.youtube.com/generate_204?EXUbTA
Requested by
Host: www.aiupnow.com
URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:30 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
analytics.js
www.google-analytics.com/ Frame 10D1 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
876
date
Wed, 15 Dec 2021 19:34:54 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 15 Dec 2021 21:34:54 GMT
53791720
mc.yandex.com/webvisor/ 		43 B
97 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/webvisor/53791720?wmode=0&wv-part=3&wv-hit=371238071&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rn=12345591&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1639597770%3Aw%3A1600x1200%3Av%3A720%3Az%3A0%3Ai%3A20211215194930%3Au%3A1639597767748546093%3Avf%3Aykcyjkqfph1z85b6in%3Awe%3A1%3Ast%3A1639597770&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:30 GMT
last-modified
Wed, 15-Dec-2021 19:49:30 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Wed, 15-Dec-2021 19:49:30 GMT
53791720
mc.yandex.com/webvisor/ 		43 B
73 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/webvisor/53791720?wmode=0&wv-part=1&wv-hit=371238071&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rn=233770995&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1639597770%3Aw%3A1600x1200%3Av%3A720%3Az%3A0%3Ai%3A20211215194930%3Au%3A1639597767748546093%3Avf%3Aykcyjkqfph1z85b6in%3Awe%3A1%3Ast%3A1639597770&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:30 GMT
last-modified
Wed, 15-Dec-2021 19:49:30 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Wed, 15-Dec-2021 19:49:30 GMT
53791720
mc.yandex.com/webvisor/ 		43 B
73 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/webvisor/53791720?wmode=0&wv-part=1&wv-hit=371238071&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rn=342834739&wv-type=5&browser-info=gdpr%3A14%3Aet%3A1639597770%3Aw%3A1600x1200%3Av%3A720%3Az%3A0%3Ai%3A20211215194930%3Au%3A1639597767748546093%3Avf%3Aykcyjkqfph1z85b6in%3Awe%3A1%3Ast%3A1639597770&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:30 GMT
last-modified
Wed, 15-Dec-2021 19:49:30 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Wed, 15-Dec-2021 19:49:30 GMT
jquery.easing-1.3.js
snd.click/landing/js%7D/jcarousel/ Frame 10D1 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://snd.click/landing/js%7D/jcarousel/jquery.easing-1.3.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:30 GMT
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AD%2FkNRmWrwnVeNtdAo%2FWslvVk1oDgQ815M4JpKD1pBYDq%2B96VHSc4Pl6VK3LQxbYe4KRkZqOwxM3C7M%2FvydiXwNjPBhHopnmrVn9UVPR60QrKi61Z6I3EZQHwaS63o2kV8Tc1bs%2FGMc%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
no-cache, private
cf-ray
6be23211188df92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires
-1
all.js
use.fontawesome.com/releases/v5.0.9/js/ Frame 10D1 		682 KB
247 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v5.0.9/js/all.js
Requested by
Host: snd.click
URL: https://snd.click/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:d645 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2fec0e2942f49dd3cad4650431d550d761f11dded17834d4835768c2ca730c0

Request headers

Referer
https://snd.click/
Origin
https://snd.click
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:30 GMT
content-encoding
br
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6654477
access-control-allow-methods
GET
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
NENE3TBZ7TNHTTMC
x-amz-id-2
sd0uGj5TFcK9tHmDoqAVXtlzWctS8GRIRhTn4jhCDDdwfj13NNioyIAyqURj40CTxmhIWW2UI40=
last-modified
Wed, 30 Jun 2021 15:28:17 GMT
server
cloudflare
etag
W/"bffc6023835e717c0348c41583e56eba"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kpdWq8fDjvB3dRgZhMtwHTlCarMRXunm%2F33WFBwG8WRoGpiKzRHqpEEIJVyEAkRbybMAzlRyNLUj2bwQLk34IDxf02tiiB9lf7g9XGjDyrZkgud75zNClBOhd6kzFKdOPjC4AWenpAZYoOy3h8QhBCkW"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31556926
cf-ray
6be2321288c759c5-MXP
33_1629201073_anghami.png
snd.click/storage/platforms/ Frame 10D1 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/33_1629201073_anghami.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1a75ea27451c167b4bd5b2b9ba97f4ec7d1bcb3bf5e4725e41ff35cee1b4ffe

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:30 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6246
last-modified
Tue, 17 Aug 2021 11:51:13 GMT
server
cloudflare
etag
"611ba2b1-1866"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7qq66S7SXr9bRVvQOtxFy%2B9eNtkBZxBqWy2vtkE4mLVcikavgSr8kif%2BEZhgzIXynyUfwDmDN8uoZwh1V%2F%2Fz4m2cdxu0G2bLtN8OQKk0%2BoPrEjuZ00U5amGpeNWAv%2BYlQnk2Oz2TmJU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be232135c75f92f-MXP
35_1629201159_jiosaavn.png
snd.click/storage/platforms/ Frame 10D1 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/35_1629201159_jiosaavn.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95b41ba92728e08797cd85b6f9683afbe13d450d1b3213358c48ac18d242846a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:30 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
7192
last-modified
Tue, 17 Aug 2021 11:52:39 GMT
server
cloudflare
etag
"611ba307-1c18"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q43LqI%2F1EA%2B9zSvsjkbzwtKCKcSlXB7VZGFuj4o7mdmRSL9qSzIVEyuKWQLQ%2F4s6fyTD2Bd5jM6BTNGG8NEqsOty68Vopx9Xhyv5vj7ODDsn8ODFgXxL6lKZqQCJRAD46JTYvY79K1w%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be232135c78f92f-MXP
94_1583854462_wynk.png
snd.click/storage/platforms/ Frame 10D1 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/94_1583854462_wynk.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3bbd1c0c28ea0f2af4254c62d76b86321cecfd45a3cea933d29b37fb53ba6e28

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:30 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
4294
last-modified
Tue, 10 Mar 2020 15:34:22 GMT
server
cloudflare
etag
"5e67b37e-10c6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gVX%2FcH0oZsUFBdQ8Pl5PI6E2%2BlwChfGH0X12n0p6qnE8bdpTzW2uHJSbEexssyVT%2BHuCUkKLi14qxyayEQgvbOmR3XRj3PhaSfsgy24tw91AOutzrJ853st%2FoSd17IYpeA%2FEGvwOe%2Fg%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be232135c7bf92f-MXP
9_1560249795_youtube.png
snd.click/storage/platforms/ Frame 10D1 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/9_1560249795_youtube.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29fe732a3a3512aedec5358e02eee2156a1b783cbc27ac7ed3a023c0b8cf507f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:30 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
95024
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
8256
last-modified
Tue, 11 Jun 2019 10:43:15 GMT
server
cloudflare
etag
"5cff85c3-2040"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4BqAXPaxWe5APtPz4kTSjmAaUqXZhcqZQjXVBw1xotKzZMYPNb6FnLPfHPhDdfWyQS6%2B5aalacTzndm5aVXcwmqlLRmycOPmBMzgLLAx2IWa1a6FCgFjDoIbtfG7WiOTlXJQOR5t9PM%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be232135c7ef92f-MXP
6_1629198382_spotify.png
snd.click/storage/platforms/ Frame 10D1 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/6_1629198382_spotify.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf2b259176d1712ca42f68767b3dc61a2a2385fbb48ba3a7e5b587910e50d642

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:30 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
99804
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
5041
last-modified
Tue, 17 Aug 2021 11:06:22 GMT
server
cloudflare
etag
"611b982e-13b1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OLkAntH%2FXSvBHhaN8zUTBt3Gia7fZbVdEIvwbN6VwF%2FqVgxxwQ%2BEWwbFMT2b20nG6SLm2V6Abvlv6HtVjrQkKGgKtWfaYaw8Gn%2FM5YYfI06ZkVfUA2vjmtqOXK8aGsrM2O9fUYktj2U%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be232135c7ff92f-MXP
11_1619597220_apple_music_logo.png
snd.click/storage/platforms/ Frame 10D1 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/11_1619597220_apple_music_logo.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7fc9e14f36c6590ef42bc2eec54e925cf573a2656de164817ba40c67bc71a5e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:30 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6100
last-modified
Wed, 28 Apr 2021 08:07:00 GMT
server
cloudflare
etag
"608917a4-17d4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jbAJRCUQXNo7f7gZQp%2FauyryqrJme0r1rgREvytLLZHeTNk8Xciqmyc%2F8CdrBtnNZlacuxKCXwKmqVywMKgu%2Fh53q8vBAcX%2FlIAl%2BAl0mqKirhd0XyZlaY%2B0TVi5HpAoiLqo8WrRJZU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be232135c81f92f-MXP
logo_itunes.svg
snd.click/landing/img/ Frame 10D1 		14 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/landing/img/logo_itunes.svg
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d44b6e4f9164860ac419ab1e15cdd2aa55d8117b8fdee7b2545d1b4fe0704c55

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:30 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 22 Apr 2020 13:50:49 GMT
server
cloudflare
age
99804
etag
W/"5ea04bb9-37e5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ak57j6lnRMGRb4B2201WC0sN%2B69XCIhGz5DL4Pz05oJ7PC5a40OIJ6dk0lXkjRf0WEbUvWEOAeQ5bkb0C1p4JkdeeOyJVGOa9i%2FMQ7v5E8GcoyY5Fd7ipIo6vrgy%2FDfbjCo8vsdrJDQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6be232135c8cf92f-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
25_1560246937_google_play.png
snd.click/storage/platforms/ Frame 10D1 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/25_1560246937_google_play.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a744f38c6ace34651866bf42eb7dd14df089cdbb70c95854e766eb9b41d2361

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:30 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
11612
last-modified
Tue, 11 Jun 2019 09:55:37 GMT
server
cloudflare
etag
"5cff7a99-2d5c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Zc1jT%2B%2B7q3gCmEx9q8ZrLw6k5QZEYcWJoRqfM%2B4K2a%2F0MuZq920V4lQBDw2qGlE%2FU29n6OJ%2FM3y64Sqr7nrexg4TQ9xC5xTx4YppivU%2F4gQBLaE%2FqISF90VmsmkC7x2pfzc1QCGFaA%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be232135c8df92f-MXP
20_1629199143_bandcamp.png
snd.click/storage/platforms/ Frame 10D1 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://snd.click/storage/platforms/20_1629199143_bandcamp.png
Requested by
Host: snd.click
URL: https://snd.click/landing/js/jcarousel/jquery-1.11.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:a881 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67d410b3debb14b15512f904dc7d23856ae6389cdacffa8e8339027088719500

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/mjI0tjt?embed=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:30 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
0
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6658
last-modified
Tue, 17 Aug 2021 11:19:03 GMT
server
cloudflare
etag
"611b9b27-1a02"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e84DaJ%2Ff5qhQM4MkMsSyDN3MmKVriqYVMSaq2XlgLSLX%2F0Kn5D0BAVM5SnpcfPPgjY0WZrxAHUnMcZgpISZfaRgPcbYwDnAAv6EXfVR8%2BvUxJp2wcjkb85BiPMd8h9oBt9FTDAuue%2FE%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
6be232135c8ef92f-MXP
nr-1212.min.js
js-agent.newrelic.com/ Frame 10D1 		34 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-1212.min.js
Requested by
Host: t.co
URL: https://t.co/IMBWIxzlWq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e8fd6832e13fca9622a46af5fddb394c358ef083d84002896aca34613d77780e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
S6r4yaeB6jo_ZylmZ_5cM21n7ZH1t6gc
content-encoding
gzip
etag
"9dfe540eb31e6fc0e0dddd91e3511f68"
x-amz-request-id
0TM5PC7FSF00SYG0
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
12828
x-amz-id-2
z1U4CFjweYlb7Zya5oHzZMGY3E8DebmJqf9nnIggGk20PzHVfM8IK0N8VEjPd6CQsXF8vEVtHl8=
x-served-by
cache-hhn4057-HHN
last-modified
Thu, 04 Nov 2021 21:16:16 GMT
server
AmazonS3
x-timer
S1639597771.808460,VS0,VE0
date
Wed, 15 Dec 2021 19:49:30 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
40516
iubenda.js
cdn.iubenda.com/ Frame 10D1 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.iubenda.com/iubenda.js
Requested by
Host: snd.click
URL: https://snd.click/landing/js/landing.js?id=a4d4ab09a2052e8cd0bc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.214.240 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-214-240.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
39ffb5a9e67544a56b3ec4b1b8060a8c9a7cd29b750e624394a37f414cdf630b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:30 GMT
content-encoding
br
last-modified
Wed, 15 Dec 2021 10:23:26 GMT
etag
"61b9c21e-145b"
p3p
CP="DSP NOI COR", policyref="http://www.iubenda.com/w3c/p3p.xml"
access-control-allow-origin
*
cache-control
public, must-revalidate, proxy-revalidate, max-age=86400
content-type
application/javascript
content-length
5211
expires
Thu, 16 Dec 2021 19:49:30 GMT
db9141e72b
bam-cell.nr-data.net/1/ Frame 10D1 		49 B
720 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bam-cell.nr-data.net/1/db9141e72b?a=184865423&v=1212.e95d35c&to=ZAMANRNYWxZYAUxeXF1JIwIVUFoLFiNIR297EhYRPXpaC00QV1tfVhQRPTJcUyZWDExFXF8KBxMhSUcKWgdLRA%3D%3D&rst=4120&ck=1&ref=https://snd.click/mjI0tjt&ap=2480&be=3591&fe=4071&dc=4061&perf=%7B%22timing%22:%7B%22of%22:1639597766701,%22n%22:0,%22f%22:2,%22dn%22:2,%22dne%22:2,%22c%22:2,%22ce%22:2,%22rq%22:3,%22rp%22:2638,%22rpe%22:2647,%22dl%22:2817,%22di%22:3172,%22ds%22:3248,%22de%22:3248,%22dc%22:3590,%22l%22:3590,%22le%22:3592%7D,%22navigation%22:%7B%7D%7D&at=SEQDQ1tCSBg%3D&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1212.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://snd.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:31 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
access-control-allow-credentials
true
CF-Ray
6be232141a5b54c4-MAN
sodar
pagead2.googlesyndication.com/getconfig/ 		11 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211207&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d537bdcf41cf1b6e7765cb13e5d909273b9b374318e40aa927db2c5346e3cf81
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 15 Dec 2021 19:49:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8555
x-xss-protection
0
comments.php
www.facebook.com/v2.0/plugins/ Frame 049C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/v2.0/plugins/comments.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfd831d28064058%26domain%3Dwww.aiupnow.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.aiupnow.com%252Ffc42c776f2b6e%26relation%3Dparent.parent&color_scheme=light&container_width=0&height=100&href=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&locale=en_US&numposts=5&sdk=joey&version=v2.0&width=
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=28f9a6f9eaf42320ac8b003f19c333a0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

content-type
text/html;charset=utf-8
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
x-content-type-options
nosniff
x-xss-protection
0
x-fb-debug
Zwm3gYw+9ouMuxdFROcfqIX3RFqE52vWuVB/D5nqeXREOBXRPkVLpDyu8HECwe20RRF/3H/mtA8GTadWSKi1cg==
content-length
0
date
Wed, 15 Dec 2021 19:49:31 GMT
priority
u=3,i
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1342347843351338&plah=www.aiupnow.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:33 GMT
log_event
www.youtube.com/youtubei/v1/ Frame D957 		28 B
55 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/204bfffb/player_ias.vflset/de_DE/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/json
X-YouTube-Utc-Offset
0
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/RyunFgoTt9A?rel=0&controls=0&enablejsapi=1&version=3&playerapiid=ytplayer
X-YouTube-Client-Version
1.20211210.00.01
X-YouTube-Time-Zone
Etc/Unknown
X-Goog-Visitor-Id
CgtMdDNkcjduSU9ZWSjJjemNBg%3D%3D
X-YouTube-Ad-Signals
dt=1639597770203&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image&bid=ANyPxKrZVtZ205csD0tPvAEY5gOuB5N_8zwYPU9hOhmiCZnoetxOghlOzvXE4q1O-63leJ_CuweJuEBUkxwNsnOXepjc4NUPkw

Response headers

date
Wed, 15 Dec 2021 19:49:32 GMT
content-encoding
br
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31
x-xss-protection
0
expires
Wed, 15 Dec 2021 19:49:32 GMT
53791720
mc.yandex.com/webvisor/ 		43 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/webvisor/53791720?wmode=0&wv-part=4&wv-hit=371238071&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rn=187291144&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1639597772%3Aw%3A1600x1200%3Av%3A720%3Az%3A0%3Ai%3A20211215194932%3Au%3A1639597767748546093%3Avf%3Aykcyjkqfph1z85b6in%3Awe%3A1%3Ast%3A1639597772&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:32 GMT
last-modified
Wed, 15-Dec-2021 19:49:32 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Wed, 15-Dec-2021 19:49:32 GMT
/
pebed.dm-event.net/ Frame 9407 		15 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

Accept
application/json, text/plain, */*
X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
de-DE,de;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

Date
Wed, 15 Dec 2021 19:49:32 GMT
Server
edward-ed/2.2.1
Access-Control-Max-Age
604800
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length
15
/
pebed.dm-event.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
604800
Server
edward-ed/2.2.1
Date
Wed, 15 Dec 2021 19:49:32 GMT
Content-Length
0
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame EF2E 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5046
date
Wed, 15 Dec 2021 19:28:04 GMT
expires
Thu, 15 Dec 2022 19:28:04 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
1289
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame FEA9 		783 B
536 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
75fd3ba85edd220c4367b125ef16b97f98d35105ab3142e08dc4ebf05274081d
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-zXowH6uGpdF751XLgWLrVw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Wed, 15 Dec 2021 19:49:33 GMT
date
Wed, 15 Dec 2021 19:49:33 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-zXowH6uGpdF751XLgWLrVw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
514
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
pagead2.googlesyndication.com/bg/ Frame EF2E 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/EnZy1JEvhtfL3qsMHM2VNqoz8zWnsWCdOjk5wdd4Ig4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:36:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
777
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13555
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 19:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 15 Dec 2022 19:36:36 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame FEA9 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20211207&jk=1607043423101883&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20211207&jk=1607043423101883&bg=!S0ilSAzNAAZKWFskSlg7ACkAdvg8Wkqvkk92RlxxWPXnyj1ili9bAW1BmKhBsTEBbbopPFk-ThAIxgIAAABRUgAAAA1oAQcKAGyhawxDLWqtOvQNNfv-XcImCGMM89f7841aKbxi_EHO7VGtnm05QADpLefgHvF-xpcVtz_C5kX4aT8EcbWg_Hl-HhLfMyhYS0um2BRb0h5ZcY1V0q4ALAmPFIMIY9QZxroja5w-ECT857YZc8GZArsHltM7xXLrp59lVBqp8MfQ-3p36fsgaUpRv3m8G9T82kdEtzT7fRgx54iL-m09gM-32MjPLW40cPBt3wuIWhZFnlWaFCZVvbNXu0MIahJmVN999W_xbKeTohSKXnP46NNVfCtKmoWlfZxCN29vHsq0DQ2m_Abk2FlZARfgTekk56rwuYZNOuHC0rRWIwSsXl3B9ke4bgScAOFECWQNCCMCoHMR01qw__cR5KXth1RRrhqmhHOq3MO0xJcOpcAW0AW_B9Bz004EPPj6Zx1gaSU80QRQeFVLVgP6a5sWHrrrdI5QnhevC3xf6Af0Oki0ykr0bstSWNjxbXqGbTaXiPPXjujLTFhltOBatixCzshpogMA8mnpfHVTkIHP-fwYcz0B33lOsrXpyr90rKVL9it2WuJQW6BtWqrHe_3rkpoGEa_ixUE-GsSBkeVS6JHp22hl4I0llAKcJATxSXjBEcOQAAJLGpS0hbUxuamEW_NU9ThcNXV45XHdftEFObOl09EwrckQOiQc0r5Yz5PeikL23-iYo3nIZtbbEkt3wod-pbGg2iu6SlXdToxUzDlk0zaYl-YCNmlPPL7o2TWI8v0KLUyrDvzJZxkF_KzCcTprG9X080uuEsCrz2O5vlP2Onowbks_IR2-EPBshhubQ3AtCUDdKMW8jE_1aWodgU0QwXSznmpaCS8WSfbJNf2Dyj4bkrbjq6hT16rtpq1UAOslLLE6Gp8JrV__9N6bDVncMa3dxnTyn-hJSzdv_0ND_rGwsNp55WZdEfKBFDDI6rDdwFCp7fUCJ1xdsqYkFarKkl80swKs2RGehpK-viKHzGF0WCipC4YB1RuVCy5nBAbhnvdRsHzRdy9hjSow1nT1eG_I990zSIcXnqhJJhOYngLpyqSOHKhAHXk9TTiVhzmcR06Qxu-ZFL95dkA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.aiupnow.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
53791720
mc.yandex.com/webvisor/ 		43 B
157 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/webvisor/53791720?wmode=0&wv-part=5&wv-hit=371238071&page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&rn=692565747&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1639597774%3Aw%3A1600x1200%3Av%3A720%3Az%3A0%3Ai%3A20211215194934%3Au%3A1639597767748546093%3Avf%3Aykcyjkqfph1z85b6in%3Awe%3A1%3Ast%3A1639597774&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:34 GMT
last-modified
Wed, 15-Dec-2021 19:49:34 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Wed, 15-Dec-2021 19:49:34 GMT
x7zgqmr.m3u8
dmxleo.dailymotion.com/cdn/manifest/video/ Frame 9407 		40 KB
16 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmxleo.dailymotion.com/cdn/manifest/video/x7zgqmr.m3u8?auth=1639770567-2688-fvtpwq7v-cfeafe52ea42de6c5526061902ebe4b5G_FXal3TugLxKAgVMtAajGpmhNqOC8sDNEaO5u0Zd6uV7PS9gajl1hkGzMQKBcHvNzHX3gczEGVeA49zeL6QZQYz-FxAcx9KsclgaDwAmTQlVjx3Lx_N_-FkO9Oz34J8riRJ1Zw9gw_q1K7M6tdH3PeKMb3jgw2yMnCELafNvD3hFr63xjjqdTaImgDm24E4dIxV_0XjxWC1_ihupyTIjM09mPCp1-8C3G1_Tditj0-7M24mz09QibnSt4n6X8QVoB7nBYSe97QTUnjYFwfPMZkXlM1gXzE4AU91unK-zWURt-PAdTnKtlJEz656ybzZUsrApGFBfGFE6PVjP9Y06JP0zVFhIQ6ixGm89rGbRG3xm4LcKiwo1rOhHbTWnH4Hi4RedzxBRkivG4VRIis1WD455HT3IhZEIQ_dDGJVlJ6IFLEY08WXWJ4KY2lI9RxggmTN2-ywXBJzz7iVc2Xbds9-Po8x3RofaE1ZhnWzJZM9a3JgIRVr7Q23dKkco66BmcI_t4Vpm7hP9AI-ud0j6H9klR7rjY0PN65_dPETSXsmfh4mkmeXyy4cIY8llkZHqSbYpzOwTM5XAWEFCwEoD0RCkoDru2xqwi0wNPdidd8LLqBpX83CBoQb0KMN0Lkvsh0LQx13WNFtAU1tCYxmv6EjDs6_ww1nGnnc3pN-zsbmE7kowyHzHaAxJmFqUytlGFBh-r96QizABtIy-cBfh-QqTS83y_6zzCax85qhG9CyRg5xcGyPo1FsYUmPK33eNkWpczpQdZH1CjhZlsjzriuz191uMJ2pK4SbaBlFjW7cVQt6S9m3EskiX8zJT74QiyaQZ2P23zMHNyTLTg2c_p_oEjL5zzpHdxjP7H22S3Uf1FWQPX-VaMwl4JCHhLXI0Cvoqmn7FXQWwW-1iJOq8Vhxyz628x6j1_DiCnS-OvGXy7b1E3fmkXnonkWhDWw9t9MNMagvXeKq9eNkd5jzYYCxqRSnhGtMrxbHeULAXOOWlA1OSi85-QdfU1DqnpE5ciYqoqwsKoBhWo7D1lKlv3dTWnAM83Zljlf4jaWRUFOVJuHdfhQ55w9Wtb_ErA_SLz7JFBEnvBzX3NDKMB_YGD5IMWokCPfba1zkgELToeO5pdO6khqWmbzQ_s1HNESfy75yItSBazboAePBFJx2SljqQyqenNTGaBHpf0JODtKzh4vPJT1G44JzGaCaO4fKYHDYpcaCqBOkwYoTONk-tXWThyhhwmgARsGE2a59JQBtlbGIdytJ0GinL-PDdP5FS7NI3ltgWEM5zhb2JoVcvuJPNrMdMjgHEKBMHmiA6WK7UDINWlw8W3_WvwMDa12f7ggmkfsG87ZuhuoVztCXw4MJwm4JBxDkEOGksIiB70y4i0XZLfsCGWLtn2DyOGaUE_7PX3Fv7A1T5o4NDYqsIsQucIvXK4RiKlyzE218cSmCY-uJC4oGCoxu_ECksp1kYAFMMU5AdXwYE4_3BYNDL7izdsXwzqYY9g8SY1NBAuBNC2o37SaOmfibp3GMC4fEQiXNNFmYhqMNONFTyTfZ-yIkBrco-BD7rr8dJ6g1Cy5bH3ziqa3sczx-0-zc2OEgJL7YNAYWJg0JH_ebJ7yXKsdPXvelJdmesd9UpK_q53iCf0V-SoZ0vAcT5qFh5f38Kq8UQkpL990UrpXp0Bp7CdqauspLYRFebHlTVc_FDoEOcqhbH6jfyTJYsCWv2qujeIP4vnqBsLhj8qRSg6qm19Xzd9GYgjH_bN19KqjAS6LxGEKgBTgn_X68ZhGZ_aOiMQHHe448h1_GNFlUl8ewN4zCNg-24A8oER3mekediSN8XpCfAseL_EFSa0Gl7_Xn66fsr4zIIHKooDLPL0yK9TaF_NcL1hdwBOHEidbszYcgORUs7wdLm_WDG_Bpeelc38actO-g_gV4een4iYJdDSP0EvCrL9nfalaQGCEZbazfTtNxbxp-iZv0v1-nlcNnNN7CCrtwlpcvb2JjevYZNPxA5sDUwurSjv7394Y2nI47j2WFHhf1XMx0nQLczQhzO9wJ4x38mAVQzeJY43BvRvVEaBTccY3TiXFRvI9IcbFaeDcYiwZ7sQ-u_ZxN7QAtln74xidCVDF_Bx75SBlPAI2QrimR1byekXJ4X4CBzRJkeq4KvYe4pBGQyuzCpJM2RdhOw27HBvH3KLUeohNncLapk_jJElmrpiAJB7pILHdY0VaqaPDRfDVaEk65CjL78Yp5vklr0kkYu7QRLonU6lW6J7EVSD0QEAUo7DRhHSrBXFZOmxwptBKhVgxZinD3bg5iZeIsCrxQukGBUlv6L4QkZsOlHHqzq4nunZs_bJSLp8HR4txDN9LZPkf9SV983M91eqI_6Pa-3roT68PsFeeI1xraNWIxueQ8XsvWHW5KtfX2DHkGAMCDoCZo71bTv1N7XqO9xiId__HnDBF9phZRauJG7K8flvllxxzVsUXXs73lOEJ3T9lqwfrfci3E_syJZOlJ0BJT7SUEYNa5DZX9EfRE6jkb70cn6SwCe40W4i755df_IDhrYUieaCMuS29lLIS3ZDgVwrdA4TU7nC1QvnBzZf1K1S1c0N7zAODNfUMib6sI6N85xBoAVR8Ds9u1sIBPQSS3pVz6PhEObHZc3zoXJsvsZcSlA4XiuWt5mg8znE9VeX7if8BLG05ZoPmKSdhp43jOCDfwpw1_-Fp6T970KZEmGR8TUYRE1HhTstysN8MoVqr1Nz3ryzAq7yX4rf52vgixX2DFeR4679g&ps=340x191&td=www.aiupnow.com&reader_gdpr_flag=1&reader_gdpr_consent=&gdpr_binary_consent=opt-out&gdpr_comes_from_infopack=0&reader_us_privacy=1---&vl=-1&ciid=1fmvq8uip54np2on0ht_VMAP_0_0&cidx=0&sidx=0&rap=1&vidIdx=0&vad=1&omn=0&imal=1
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.65.124.38 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
icscale-01-pub-ix7.vip.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
596b44a74d7c44b589774c92d52071ea9c7605fbdfe1a8564bba78df7101105c
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-dm-lb-name
icscale-01-01.adm.ix7.dailymotion.com
date
Wed, 15 Dec 2021 19:49:38 GMT
content-encoding
gzip
server
nginx/1.19.3
strict-transport-security
max-age=15724800; includeSubDomains
access-control-allow-methods
GET
content-type
text/xml
access-control-allow-origin
https://www.dailymotion.com
access-control-allow-credentials
true
access-control-allow-headers
Authorization, Content-Type
/
pebed.dm-event.net/ Frame 9407 		15 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

Accept
application/json, text/plain, */*
X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
de-DE,de;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

Date
Wed, 15 Dec 2021 19:49:38 GMT
Server
edward-ed/2.2.1
Access-Control-Max-Age
604800
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length
15
/
pebed.dm-event.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
604800
Server
edward-ed/2.2.1
Date
Wed, 15 Dec 2021 19:49:38 GMT
Content-Length
0
4pAo
pdc.dmleonyc.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pdc.dmleonyc.com/4pAo?d=J-6y-0MrLRt362r1_H_mbCfZxE826yNdmU4iXHc_nya7NQWoWF3UrY-A_UFIkTPY
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.65.124.38 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
icscale-01-pub-ix7.vip.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
nginx/1.19.3
date
Wed, 15 Dec 2021 19:49:38 GMT
access-control-allow-origin
https://www.dailymotion.com
access-control-allow-credentials
true
access-control-allow-methods
POST
access-control-allow-headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
access-control-max-age
86400
strict-transport-security
max-age=15724800; includeSubDomains
x-dm-lb-name
icscale-01-02
4pAo
pdc.dmleonyc.com/ Frame 9407 		0
185 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pdc.dmleonyc.com/4pAo?d=J-6y-0MrLRt362r1_H_mbCfZxE826yNdmU4iXHc_nya7NQWoWF3UrY-A_UFIkTPY
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.65.124.38 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
icscale-01-pub-ix7.vip.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
de-DE,de;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
https://www.dailymotion.com
date
Wed, 15 Dec 2021 19:49:39 GMT
access-control-allow-credentials
true
server
nginx/1.19.3
content-length
0
strict-transport-security
max-age=15724800; includeSubDomains
x-dm-lb-name
icscale-01-02
integrator.js
adservice.google.com/adsid/ Frame 58D9 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.dailymotion.com
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 15 Dec 2021 19:49:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
pubads.g.doubleclick.net/gampad/ Frame 6EDF 		156 B
748 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/ads?iu=%2F23328537%2Fca-video-pub-7019376976432612-tag%2F2191988170&description_url=https%3A%2F%2Fwww.aiupnow.com%2F&tfcd=0&npa=1&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&us_privacy=1---&correlator=4182730230803498&sz=640x480%7C640x360%7C653x350&cust_params=daily_owner_type%3Dpartner%26owner_parent_id%3D0&sdkv=h.3.492.0&osd=2&frm=2&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&mpt=dailymotion%2Fplayer-h&mpv=5.0.0&sdki=44d&adk=2141016576&sdk_apis=2%2C8&sid=85DAF788-2846-4414-A76C-7422306E9B78&nel=0&eid=44750824%2C44752657&url=https%3A%2F%2Fwww.aiupnow.com%2F&dlt=1639597767740&idt=1821&dt=1639597778994&scor=1585107211549521&ged=ve4_td11_tt10_pd11_la11000_er0.0.154.300_vi0.0.0.0_vp0_eb16747
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.492.0_en.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:39 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
error
ae-prod-onprem-ix7.dmxleo.com/v1/ad/ Frame 9407 		0
338 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ae-prod-onprem-ix7.dmxleo.com/v1/ad/error?ed=GDHHh5R3WT58QFyFiQIyrZv094pzjeO8mxCsKmVIW%2bw%3d&eb=GHt5ayjIVpxHXESmgnawrLEwGHflePn3kV%2bXZWLTatk%3d&cb=72834293&error=901&ei=Q0TwPYT3PK5q6JhRWfT%2ba8%2fDrf7bsg81I2yNpqUlsgWeeTXEKm5BOr2kmuPZ8gMMJxxpka%2fbjG8H5xuJDdK0xA%3d%3d&rk=1&is_nonlinear=false
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.65.124.38 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
icscale-01-pub-ix7.vip.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-dm-lb-name
icscale-01-02
date
Wed, 15 Dec 2021 19:49:39 GMT
server
nginx/1.19.3
strict-transport-security
max-age=15724800; includeSubDomains
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain; charset=UTF-8
access-control-expose-headers
X-DMX-USER-ID
cache-control
no-store
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, X-DMX-USER-ID
content-length
0
events
ae.dmxleo.com/v2/ Frame 9407 		0
299 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ae.dmxleo.com/v2/events?id=e74d91e5-6a67-4c60-97ee-49d26bcdaa14&ts=1639597778.618&cidx=0&sidx=1&rk=1&error=901&t=error
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.65.124.38 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
icscale-01-pub-ix7.vip.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-dm-lb-name
icscale-01-02
date
Wed, 15 Dec 2021 19:49:39 GMT
server
nginx/1.19.3
strict-transport-security
max-age=15724800; includeSubDomains
access-control-allow-methods
POST, GET, OPTIONS
access-control-expose-headers
X-DMX-USER-ID
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, X-DMX-USER-ID
content-length
0
platforms
odb.outbrain.com/utils/ Frame 9407 		16 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://odb.outbrain.com/utils/platforms?contentUrl=https%3a%2f%2fwww.aiupnow.com%2f&key=DAILY2FDP06JHOLMF3IPPEF4K&widgetJSId=APP_1&format=vast&cors=true&cnsntv2=&ccpa=1---&extId=0
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.132 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
2b552a60a4c2926eaf43123facd9c9fbe2454498a96c952113b2a484b4f1dbb9

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:39 GMT
content-encoding
gzip
traffic-path
NYDC1, LGA, HHN, Europe1
access-control-allow-origin
https://www.dailymotion.com
x-cache
MISS, MISS
x-cache-hits
0, 0
x-traceid
95e731b4f6dd6801c321c24705db21d9
content-length
2875
x-served-by
cache-lga21952-LGA, cache-hhn4083-HHN
x-timer
S1639597779.254786,VS0,VE149
vary
Accept-Encoding, User-Agent
content-type
text/xml; charset=UTF-8
via
1.1 varnish, 1.1 varnish
access-control-allow-credentials
true
accept-ranges
bytes
expires
Thu, 01 Jan 1970 00:00:00 GMT
/
pebed.dm-event.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
604800
Server
edward-ed/2.2.1
Date
Wed, 15 Dec 2021 19:49:39 GMT
Content-Length
0
/
pebed.dm-event.net/ Frame 9407 		15 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

Accept
application/json, text/plain, */*
X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
de-DE,de;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

Date
Wed, 15 Dec 2021 19:49:39 GMT
Server
edward-ed/2.2.1
Access-Control-Max-Age
604800
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length
15
jsvid
pixel.adsafeprotected.com/ Frame 9407 		230 KB
76 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pixel.adsafeprotected.com/jsvid?videoId=a10110d228c6751d7c51befe72395e49&adsafe_par=&anId=923995&campId=preroll&chanId=x2h77of&custom=&custom2=www.aiupnow.com&custom3=1406&custom4=video&impId=e74d91e5-6a67-4c60-97ee-49d26bcdaa14&ias_xar=0&ias_xpb=autoplayed&ias_xps=1&placementId=ZzlAHLaIDoot5p0FsRXvpg&pubCreative=&pubId=&pubOrder=6242
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.67.138 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
09bbd82ab85d641e57e9c9095c5ca875eb38f359ba665a23ddded106e8af04c6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:39 GMT
content-encoding
gzip
x-server-name
app10.ie.303net.net
content-type
application/javascript;charset=utf-8
access-control-allow-origin
pixel.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
expires
Wed, 31 Dec 1969 23:59:59 GMT
eyJpdSI6IjJhNzg0Y2YxMjUwODNiNDcxYTE0NmY3M2E5OWNjMzIxNzg4ZmM5MDZkNzIxMDM2OGJiMGZmNDJkMGYwMGFlMTkiLCJ3IjozMDAsImgiOjI1MCwiZCI6MS41LCJjcyI6MCwiZiI6NSwiYmkiOnsicyI6eyJmZiI6bnVsbCwiZnMiOjEwLCJ0eCI6IkNhc...
images.outbrainimg.com/transform/v3/ Frame 9407 		945 KB
947 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://images.outbrainimg.com/transform/v3/eyJpdSI6IjJhNzg0Y2YxMjUwODNiNDcxYTE0NmY3M2E5OWNjMzIxNzg4ZmM5MDZkNzIxMDM2OGJiMGZmNDJkMGYwMGFlMTkiLCJ3IjozMDAsImgiOjI1MCwiZCI6MS41LCJjcyI6MCwiZiI6NSwiYmkiOnsicyI6eyJmZiI6bnVsbCwiZnMiOjEwLCJ0eCI6IkNhcmVlckZvdW5kcnkifSwidGwiOnsiZmYiOm51bGwsImZzIjoxNCwidHgiOiJKb2JsZXNzIGluIEdlcm1hbnk_IFRoaXMgaXMgaG93IHRvIGJlY29tZSBhIFVYIGRlc2lnbmVyIGluIGp1c3QgNSBtb250aHMgZm9yIGZyZWUifSwiY3RhIjp7ImZmIjpudWxsLCJmcyI6MTAsInR4IjoiUmVhZCBtb3JlIn0sInJ0bCI6ZmFsc2UsImJkIjoiVzMwMF9IMjUwIiwidG4iOiJ2aWRlby0xMF9zZWNvbmRzIn19.mp4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.232.28 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
d323274e6db33f6fab0044c4edeb9bfe1d384ed53ed7a46de196b631dc4dbb15

Request headers

Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Range
bytes=0-

Response headers

date
Wed, 15 Dec 2021 19:49:39 GMT
last-modified
Wed, 24 Nov 2021 03:11:50 GMT
content-type
video/mp4
Content-Range
bytes 0-967247/967248
cache-control
max-age=2349214
x-traceid
5c58e6f5c42c321e20af0b4508d10c73
timing-allow-origin
*
Content-Length
967248
imp
ae-prod-onprem-ix7.dmxleo.com/v1/ad/ Frame 9407 		0
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ae-prod-onprem-ix7.dmxleo.com/v1/ad/imp?ed=WR5wc8zUCGyGr8H2QSimQyHvmaeZeHzMJJVFDA9nuu8%3d&eb=L%2b4oS269NoVLxmYKQSiNYuS3TrDItDSe54z7MIVCC8k%3d&cb=00200834&ei=A%2b2QxQI7%2fgfpfY%2fRv8g6ZkHVDt71%2fxnUBBMuwlkH6WEmejzzhW40KTqnMfnRCV0KY5McuQ1lyiTyfKQqw3O3Cw%3d%3d&rk=2&is_nonlinear=false
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.65.124.38 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
icscale-01-pub-ix7.vip.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-dm-lb-name
icscale-01-02
date
Wed, 15 Dec 2021 19:49:39 GMT
server
nginx/1.19.3
strict-transport-security
max-age=15724800; includeSubDomains
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain; charset=UTF-8
access-control-expose-headers
X-DMX-USER-ID
cache-control
no-store
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, X-DMX-USER-ID
content-length
0
events
ae.dmxleo.com/v2/ Frame 9407 		0
298 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ae.dmxleo.com/v2/events?id=e74d91e5-6a67-4c60-97ee-49d26bcdaa14&ts=1639597778.618&cidx=0&sidx=1&rk=2&t=impression
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.65.124.38 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
icscale-01-pub-ix7.vip.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-dm-lb-name
icscale-01-02
date
Wed, 15 Dec 2021 19:49:39 GMT
server
nginx/1.19.3
strict-transport-security
max-age=15724800; includeSubDomains
access-control-allow-methods
POST, GET, OPTIONS
access-control-expose-headers
X-DMX-USER-ID
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, X-DMX-USER-ID
content-length
0
2f91ddfd3964c34ae45be1afe7213ef1
www.dailymotion.com/embed/video/ Frame 9407 		25 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dailymotion.com/embed/video/2f91ddfd3964c34ae45be1afe7213ef1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
fp.dc3.dailymotion.com
Software
DMS/1.0.42 /
Resource Hash
cb3caf5190433596a2a4b1169a14291ea060d65f0c92f729c1943db1465b052a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31708800; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Security-Policy
upgrade-insecure-requests
Content-Encoding
gzip
Referrer-Policy
no-referrer-when-downgrade
Server
DMS/1.0.42
Date
Wed, 15 Dec 2021 19:49:39 GMT
Expect-Ct
max-age=0, report-uri="https://www.dailymotion.com/content_security_policy_report_uri"
Content-Security-Policy-Report-Only
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri
Content-Type
text/html; charset=utf-8
Cache-Control
no-cache
Transfer-Encoding
chunked
Server-Timing
total;dur=38, dc;desc="dc3"
Strict-Transport-Security
max-age=31708800; includeSubDomains; preload
Timing-Allow-Origin
*
Vary
X-DM-SSL, Accept-Encoding
cv
ae-prod-onprem-ix7.dmxleo.com/v1/ad/ Frame 9407 		0
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ae-prod-onprem-ix7.dmxleo.com/v1/ad/cv?ed=WR5wc8zUCGyGr8H2QSimQyHvmaeZeHzMJJVFDA9nuu8%3d&eb=L%2b4oS269NoVLxmYKQSiNYuS3TrDItDSe54z7MIVCC8k%3d&cpa=-1&cb=24072640&ei=A%2b2QxQI7%2fgfpfY%2fRv8g6ZkHVDt71%2fxnUBBMuwlkH6WEmejzzhW40KTqnMfnRCV0KY5McuQ1lyiTyfKQqw3O3Cw%3d%3d&rk=2&is_nonlinear=false
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.65.124.38 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
icscale-01-pub-ix7.vip.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-dm-lb-name
icscale-01-02
date
Wed, 15 Dec 2021 19:49:39 GMT
server
nginx/1.19.3
strict-transport-security
max-age=15724800; includeSubDomains
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain; charset=UTF-8
access-control-expose-headers
X-DMX-USER-ID
cache-control
no-store
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, X-DMX-USER-ID
content-length
0
sca.17.5.12.js
static.adsafeprotected.com/ Frame F81A 		80 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/sca.17.5.12.js
Requested by
Host: www.dailymotion.com
URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:5000:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 08:08:31 GMT
content-encoding
gzip
age
6522069
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 19 Aug 2021 16:31:24 GMT
server
AmazonS3
etag
W/"9304f57298c3834ff107ea7ccb547996"
vary
Accept-Encoding
x-amz-version-id
9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via
1.1 debe291145dc27044f50d04bac101cd9.cloudfront.net (CloudFront)
cache-control
max-age=315360000
x-amz-cf-pop
FRA2-C2
content-type
application/javascript
x-amz-cf-id
heCsGnKdNDR61X1rtUQW8yF5zkkTFevWAx3aq_0Nbzq-sDGIqFHgJQ==
mon
pixel.adsafeprotected.com/ Frame 9407 		43 B
216 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.adsafeprotected.com/mon?videoId=a10110d228c6751d7c51befe72395e49&adsafe_par=&anId=923995&campId=preroll&chanId=x2h77of&custom=&custom2=www.aiupnow.com&custom3=1406&custom4=video&impId=e74d91e5-6a67-4c60-97ee-49d26bcdaa14&ias_xar=0&ias_xpb=autoplayed&ias_xps=1&placementId=ZzlAHLaIDoot5p0FsRXvpg&pubCreative=&pubId=&pubOrder=6242&adsafe_url=https%3A%2F%2Fwww.aiupnow.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fwww.dailymotion.com%2Fembed%2Fvideo%2Fx7zgqmr%3Fautoplay%3D1%26mute%3D1&adsafe_type=df&adsafe_jsinfo=,id:bdecc063-3ab9-3716-a96d-cd21ecbaf4bf,c:wTEplP,sl:na,em:true,fr:false,thd:1,mn:app10ie,rg:ie,pt:2-5-15,br:c,abv:na,an:n,oam:0,vc:jv3,scm:publ2.grpm2,nbld:0,mtim:2,fm:sRH3bUi+11%7C12%7C13%7C141%7C142%7C15*.923995%7C1511%7C152%7C1531%7C16%7C17%7C181%7C191%7C192%7C1a%7C1b%7C1c1%7C1c2%7C1c3%7C1d%7C1e%7C1f1%7C1f2%7C1g1%7C1g2%7C1h1%7C1h2%7C1i%7C1j%7C1k1%7C1k2%7C1l%7C1m%7C1n11%7C1n12%7C1o1%7C1o2%7C1p%7C1q%7C1r%7C1s%7C1t,idMap:15*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:env,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,tt:jsvid,et:24,oid:23c2344c-5de0-11ec-b4a3-0634eb268b40,v:19.8.273,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0,x_vv:3.7.0,x_vanstag:cm,x_xcamp:preroll,x_xplac:ZzlAHLaIDoot5p0FsRXvpg,x_ximp:e74d91e5-6a67-4c60-97ee-49d26bcdaa14,x_xpc:dailymotion
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.67.138 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:39 GMT
x-server-name
app23.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
dt
dt.adsafeprotected.com/ Frame 9407 		43 B
216 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?anId=923995&asId=bdecc063-3ab9-3716-a96d-cd21ecbaf4bf&tv=%7Bc:wTEpmq,pingTime:-3,time:61,type:v,clog:%5B%7Bpiv:-1,vs:n,r:,w:340,h:191,t:23%7D,%7Bpiv:0,vs:o,r:l,t:60%7D%5D,ve:%7BvEventCount:6,vEvents:%5B%7Bt:-15,tp:adImpression,sl:undefined,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0,x_vv:3.7.0,x_vanstag:cm,x_xcamp:preroll,x_xplac:ZzlAHLaIDoot5p0FsRXvpg,x_ximp:e74d91e5-6a67-4c60-97ee-49d26bcdaa14,x_xpc:dailymotion%7D,%7Bt:-224,tp:adLoaded,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-223,tp:adError,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0,message:%5Bobject%20Object%5D%7D,%7Bt:-223,tp:adStarted,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-204,tp:adDurationChange,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-33,tp:adDurationChange,sl:n,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D%5D%7D,vv:3.7.0,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:61,n:60,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:23,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B55~1,0~0%5D,as:%5B55~340.191%5D%7D%7D,%7Bsl:o,t:60,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~340.191%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jsvid,dtt:0,fm:sRH3bUi+11%7C12%7C13%7C141%7C142%7C15*.923995%7C1511%7C152%7C1531%7C16%7C17%7C181%7C191%7C192%7C1a%7C1b%7C1c1%7C1c2%7C1c3%7C1d%7C1e%7C1f1%7C1f2%7C1g1%7C1g2%7C1h1%7C1h2%7C1i%7C1j%7C1k1%7C1k2%7C1l%7C1m%7C1n11%7C1n12%7C1o1%7C1o2%7C1p%7C1q%7C1r%7C1s%7C1t,idMap:15*,rmeas:1,rend:1,renddet:env%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.149.196.103 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:40 GMT
x-server-name
dt11.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
dt
dt.adsafeprotected.com/ Frame 9407 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?anId=923995&asId=bdecc063-3ab9-3716-a96d-cd21ecbaf4bf&tv=%7Bc:wTEpms,pingTime:-6,time:62,type:i,vv:3.7.0,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:62,n:60,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:23,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B55~1,0~0%5D,as:%5B55~340.191%5D%7D%7D,%7Bsl:o,t:60,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B2~0%5D,as:%5B2~340.191%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jsvid,dtt:0,fm:sRH3bUi+11%7C12%7C13%7C141%7C142%7C15*.923995%7C1511%7C152%7C1531%7C16%7C17%7C181%7C191%7C192%7C1a%7C1b%7C1c1%7C1c2%7C1c3%7C1d%7C1e%7C1f1%7C1f2%7C1g1%7C1g2%7C1h1%7C1h2%7C1i%7C1j%7C1k1%7C1k2%7C1l%7C1m%7C1n11%7C1n12%7C1o1%7C1o2%7C1p%7C1q%7C1r%7C1s%7C1t,idMap:15*,rmeas:1,rend:1,renddet:env%7D&tpiLookup=ao:www.aiupnow.com*&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.149.196.103 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:40 GMT
x-server-name
dt17.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
dt
dt.adsafeprotected.com/ Frame 9407 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?anId=923995&asId=bdecc063-3ab9-3716-a96d-cd21ecbaf4bf&tv=%7Bc:wTEpmB,pingTime:-2,time:71,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:12955,beZ:12956,mfA:12957,cmA:12958,inA:12958,inZ:12964,prA:12964,prZ:12974,si:12979,poA:12980,poZ:12999,cmZ:12999,mfZ:12999,loA:13016,loZ:13018,ltA:13025,ltZ:13025%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:340.191,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:340,h:191,t:23%7D,%7Bpiv:0,vs:o,r:l,t:60%7D%5D,ve:%7BvEventCount:6,vEvents:%5B%7Bt:-15,tp:adImpression,sl:undefined,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0,x_vv:3.7.0,x_vanstag:cm,x_xcamp:preroll,x_xplac:ZzlAHLaIDoot5p0FsRXvpg,x_ximp:e74d91e5-6a67-4c60-97ee-49d26bcdaa14,x_xpc:dailymotion%7D,%7Bt:-224,tp:adLoaded,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-223,tp:adError,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0,message:%5Bobject%20Object%5D%7D,%7Bt:-223,tp:adStarted,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-204,tp:adDurationChange,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-33,tp:adDurationChange,sl:n,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D%5D%7D,vv:3.7.0,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:71,n:60,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:23,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B55~1,0~0%5D,as:%5B55~340.191%5D%7D%7D,%7Bsl:o,t:60,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B11~0%5D,as:%5B11~340.191%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jsvid,dtt:0,fm:sRH3bUi+11%7C12%7C13%7C141%7C142%7C15*.923995%7C1511%7C152%7C1531%7C16%7C17%7C181%7C191%7C192%7C1a%7C1b%7C1c1%7C1c2%7C1c3%7C1d%7C1e%7C1f1%7C1f2%7C1g1%7C1g2%7C1h1%7C1h2%7C1i%7C1j%7C1k1%7C1k2%7C1l%7C1m%7C1n11%7C1n12%7C1o1%7C1o2%7C1p%7C1q%7C1r%7C1s%7C1t,idMap:15*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:1,renddet:env,sinceFw:45,readyFired:true%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.149.196.103 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:40 GMT
x-server-name
dt16.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
dt
dt.adsafeprotected.com/ Frame 9407 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?anId=923995&asId=bdecc063-3ab9-3716-a96d-cd21ecbaf4bf&tv=%7Bc:wTEpmC,pingTime:0,time:72,type:pf,clog:%5B%7Bpiv:-1,vs:n,r:,w:340,h:191,t:23%7D,%7Bpiv:0,vs:o,r:l,t:60%7D,%7Bpiv:100,vs:i,r:,t:72%7D%5D,ve:%7BvEventCount:6,vEvents:%5B%7Bt:-15,tp:adImpression,sl:undefined,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0,x_vv:3.7.0,x_vanstag:cm,x_xcamp:preroll,x_xplac:ZzlAHLaIDoot5p0FsRXvpg,x_ximp:e74d91e5-6a67-4c60-97ee-49d26bcdaa14,x_xpc:dailymotion%7D,%7Bt:-224,tp:adLoaded,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-223,tp:adError,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0,message:%5Bobject%20Object%5D%7D,%7Bt:-223,tp:adStarted,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-204,tp:adDurationChange,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-33,tp:adDurationChange,sl:n,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D%5D%7D,vv:3.7.0,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:72,n:60,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:23,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B55~1,0~0%5D,as:%5B55~340.191%5D%7D%7D,%7Bsl:o,t:60,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B12~0%5D,as:%5B12~340.191%5D%7D%7D,%7Bsl:i,t:72,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B0~100%5D,as:%5B0~340.191%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jsvid,dtt:0,fm:sRH3bUi+11%7C12%7C13%7C141%7C142%7C15*.923995%7C1511%7C152%7C1531%7C16%7C17%7C181%7C191%7C192%7C1a%7C1b%7C1c1%7C1c2%7C1c3%7C1d%7C1e%7C1f1%7C1f2%7C1g1%7C1g2%7C1h1%7C1h2%7C1i%7C1j%7C1k1%7C1k2%7C1l%7C1m%7C1n11%7C1n12%7C1o1%7C1o2%7C1p%7C1q%7C1r%7C1s%7C1t,idMap:15*,rmeas:1,rend:1,renddet:env%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.149.196.103 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:40 GMT
x-server-name
dt19.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
widgetGlobalEvent
log.outbrainimg.com/loggerServices/ Frame 9407 		4 B
325 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=2f91ddfd3964c34ae45be1afe7213ef1&pvId=2f91ddfd3964c34ae45be1afe7213ef1&sid=187095&pid=1211&idx=0&wId=140&pad=1&org=0&tm=0&eT=3&cnsnt=no_consent
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.42.32.191 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:40 GMT
Access-Control-Allow-Methods
GET,POST
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
X-TraceId
a96935be9e6ba551f9a2b6076849706a
Content-Length
4
Expires
0
l
mcdp-nydc1.outbrain.com/ Frame 9407 		2 B
214 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mcdp-nydc1.outbrain.com/l?token=2f91ddfd3964c34ae45be1afe7213ef1_1211_1639597779346
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.42.32.191 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 19:49:40 GMT
content-encoding
gzip
X-TraceId
da4ac28627dff512dbfc1bc6d2cbe980
Content-Length
28
Content-Type
text/plain; charset=UTF-8
log-viewability
log.outbrainimg.com/loggerServices/ Frame 9407 		4 B
325 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://log.outbrainimg.com/loggerServices/log-viewability?requestId=2f91ddfd3964c34ae45be1afe7213ef1&position=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.42.32.191 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 19:49:40 GMT
Access-Control-Allow-Methods
GET,POST
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
X-TraceId
3f333f4d390e489e76df61ebec672ab9
Content-Length
4
Expires
0
recordMorpheus
videoevents.outbrain.com/events/ Frame 9407 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://videoevents.outbrain.com/events/recordMorpheus?data=%7B%22eventType%22%3A%22PLAY%22%2C%22localTime%22%3A%222021-12-15T14%3A49%3A39.360693205%22%2C%22videoClickUrl%22%3A%22https%3A%2F%2Fpaid.outbrain.com%2Fnetwork%2Fredir%3Fp%3DFWc2dpD6DWHBvafGgQ72TehQI_uv4T48BnHfPZPrczRUI47YWXxin5100-g0t1YUUk3_7zaYGamp3SlTkNCn9VzAx8DPkVZy4tIaW92lCTJr7QIVR2e60lfAKpqL-lrycq2TCCS1UQVfZDFII08QMnWsy1FzifSGA38HK1tRUBHo3OM8gQD47wwmJw276kzmRC5bBhKcizcPF2d-gxasNTC5X9CDdTKH08o8cIZWgFOFDtOmENrthCN1fhHOdTSi7OUXBS1hCpTd-B3FCmjz0gHdqLBSa_BfOvyioqK8NY_Ns4MK95zd4027j_L4aCMlA0Sv3Y-9-AAiRbBB7iflksms70tp15bQ_BvNLJPbF4dmZ0eHMpYx13MMSOxP85TGQmGRva26M4YiiSB80Wg_M83XF5nwdvHAwLyZwxgb3gi8r53fFispv7HxdMEGx_rLQ0w5IBxEGXEmF-JgEJN5cSuX1ysusdYn2PR8EG5Wv76IC_mrfhnOopugJX67A-KwQOAqc54xTj727Pt7JKP04BqCboBektJAs-gPz-Rm3pUNyl_YS_cpsac9vfbMdJbCqYkWIIyskDaiuIfO1k2IZrQruYYlz6YYVfeXvesQbLEyjY3BHSQFCWK7d3KX2MiYo8D5bOgv7dftkocsdeo4E3N4xSakehsKH64WCMMHhCfjZOw8ap62qOrJZ1nuLWPUl-esLdv68uttSz7YJTU-IeYm2HcDS2oykTG1vJUZPRC0HmfBmznWFdl16nqHdJosSHvgPwcofod2iMpN7m-yIuUq4zTxYpj_dKSOpUdZXpV8qNacz2HmlMBCz8_X_cvhTjDfsJW1MAzz4rNOqkXsF3bbsjQu6AKHZr4hlQo58RqIm-PVxdMmvsF8E4y3P2zCW59evraZKggyz8nnWfFBQrw5INXzRCSE18HfojEd-hoP2CHK-U7acpjWEucbRjQYDTddHECRz-0Ny96ylT2n9y8BQTVzN7YD6ZFKvWvgvTyjwzGs8ahXpMJuqM2yP_HTaG1Wjbpd35DoEtenySYZcE1wvl5-d8yGoP77tQriV-9ujdJPxChQzIyosOdzM4FT40eHOWRr1WrRbvUcxvQiFf_4WgMF4dFJYBpqciDhvKB3RkoYvyXNVseCTSGHm13MS4i7iQDmQx04BiSYXpv2bo9Qz_kqc9VSirbHODR2lQqnNzDepajp2jWbWXJ_9GYYL2aim_UO2vppjr3kafA2W2USce_PxXY7A5hLR-uTB_NKxe5U_Jm_lDWDm2dZg3b21ODY388DQHgP8ZryvaR7Noy7Ea1fgtEPZ5RQXPPe1hCAtBYTiKwWJBbpJzoj3g7A%26c%3D3dd8b9f7%26v%3D3%22%2C%22videoHeight%22%3A250%2C%22videoWidth%22%3A300%2C%22videoDuration%22%3A10%2C%22pageViewId%22%3A%222f91ddfd3964c34ae45be1afe7213ef1%22%2C%22publisherId%22%3A%221211%22%2C%22sourceId%22%3A%22187095%22%2C%22widgetId%22%3A%22140%22%7D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.42.32.191 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
start
ae-prod-onprem-ix7.dmxleo.com/v1/ad/ Frame 9407 		0
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ae-prod-onprem-ix7.dmxleo.com/v1/ad/start?ed=WR5wc8zUCGyGr8H2QSimQyHvmaeZeHzMJJVFDA9nuu8%3d&eb=L%2b4oS269NoVLxmYKQSiNYuS3TrDItDSe54z7MIVCC8k%3d&cpa=-1&cb=06036929&ei=A%2b2QxQI7%2fgfpfY%2fRv8g6ZkHVDt71%2fxnUBBMuwlkH6WEmejzzhW40KTqnMfnRCV0KY5McuQ1lyiTyfKQqw3O3Cw%3d%3d&rk=2&is_nonlinear=false
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.65.124.38 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
icscale-01-pub-ix7.vip.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-dm-lb-name
icscale-01-02
date
Wed, 15 Dec 2021 19:49:39 GMT
server
nginx/1.19.3
strict-transport-security
max-age=15724800; includeSubDomains
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain; charset=UTF-8
access-control-expose-headers
X-DMX-USER-ID
cache-control
no-store
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, X-DMX-USER-ID
content-length
0
events
ae.dmxleo.com/v2/ Frame 9407 		0
298 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ae.dmxleo.com/v2/events?id=e74d91e5-6a67-4c60-97ee-49d26bcdaa14&ts=1639597778.618&cidx=0&sidx=1&rk=2&t=start
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.65.124.38 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
icscale-01-pub-ix7.vip.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-dm-lb-name
icscale-01-02
date
Wed, 15 Dec 2021 19:49:39 GMT
server
nginx/1.19.3
strict-transport-security
max-age=15724800; includeSubDomains
access-control-allow-methods
POST, GET, OPTIONS
access-control-expose-headers
X-DMX-USER-ID
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, X-DMX-USER-ID
content-length
0
/
pebed.dm-event.net/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-eventbus-compression-duration,x-dm-eventbus-worker-duration
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
604800
Server
edward-ed/2.2.1
Date
Wed, 15 Dec 2021 19:49:39 GMT
Content-Length
0
/
pebed.dm-event.net/ Frame 9407 		15 B
363 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pebed.dm-event.net/
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.59 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ebed2.dm.gg
Software
edward-ed/2.2.1 /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

Accept
application/json, text/plain, */*
X-Dm-EventBus-Worker-Duration
0
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Accept-Language
de-DE,de;q=0.9
X-Dm-EventBus-Compression-Duration
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

Date
Wed, 15 Dec 2021 19:49:39 GMT
Server
edward-ed/2.2.1
Access-Control-Max-Age
604800
Access-Control-Allow-Methods
POST
Content-Type
application/json
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Encoding, X-Dm-EventBus-Compression-Duration, X-Dm-EventBus-Worker-Duration
Content-Length
15
dmp.endscreen.c2797cd393d0f04329e8.js
static1.dmcdn.net/playerv5/ Frame 9407 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.endscreen.c2797cd393d0f04329e8.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.a8563fface00cf3c9b95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
63db24da1093f96d6032cb6b40f317f3e395b0e812714adf2e0a3838c8252638

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:39 GMT
content-encoding
gzip
age
641976
server-timing
total;dur=0, dc;desc="dc3"
content-length
4075
last-modified
Wed, 08 Dec 2021 09:26:44 GMT
server
DMS/1.0.42
etag
"61b07a54-2e3d"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
ded30ba96c6c5a3def67f30013e26d6f
expires
Fri, 07 Jan 2022 09:30:03 GMT
dmp.videolist.ee0f9523a25da4ceb702.js
static1.dmcdn.net/playerv5/ Frame 9407 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static1.dmcdn.net/playerv5/dmp.videolist.ee0f9523a25da4ceb702.js
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.manifest.a8563fface00cf3c9b95.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.16 , United States, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-16.fra.llnw.net
Software
DMS/1.0.42 /
Resource Hash
62f2557cbb5c12ab6f5974e6688375f8153f2cf3da0aad2624d327de6a547816

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:39 GMT
content-encoding
gzip
age
712995
server-timing
total;dur=0, dc;desc="dc3"
content-length
1908
last-modified
Tue, 07 Dec 2021 13:36:32 GMT
server
DMS/1.0.42
etag
"61af6360-13c4"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-llid
3172f221b4f6e449fed577d66106ca45
expires
Thu, 06 Jan 2022 13:46:24 GMT
token
graphql.api.dailymotion.com/oauth/ Frame 9407 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://graphql.api.dailymotion.com/oauth/token
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
fp.dc3.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
28e0f646cf40ba29cafa539888e13491cb4c5412b1580c3f1f2b388ae24175c4
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

X-DM-Visitor-Id
2D76E625E425DA859D2C747624244DA0
X-DM-PlayerInfo-Version
v-0.0.2668-rc1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Accept
application/json, text/plain, */*
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
X-DM-PlayerInfo-Embedder
https://www.aiupnow.com/
X-DM-VisitorInfo-Onsite
0

Response headers

X-Dm-Api-Name
oauth
Date
Wed, 15 Dec 2021 19:49:40 GMT
Content-Encoding
gzip
X-Dm-Api-Version
1
X-Dm-Api-Backend-Response-Time
7
X-Dm-Api-Endpoint
/oauth/token
Content-Length
721
X-Dm-Lb-Name
icscale-01-02
Pragma
no-cache
Server
nginx/1.19.3
Strict-Transport-Security
max-age=15724800; includeSubDomains
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.dailymotion.com
Access-Control-Expose-Headers
Date,server,Content-Length
Cache-Control
no-store
Access-Control-Allow-Credentials
true
X-Dm-Api-Edge
dm-dc3
token
graphql.api.dailymotion.com/oauth/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://graphql.api.dailymotion.com/oauth/token
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
fp.dc3.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-dm-playerinfo-embedder,x-dm-playerinfo-version,x-dm-visitor-id,x-dm-visitorinfo-onsite
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-DM-VISITOR-ID,X-DM-PLAYERINFO-VERSION,X-DM-PLAYERINFO-EMBEDDER,X-DM-VISITORINFO-ONSITE
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
https://www.dailymotion.com
Cache-Control
no-store
Content-Length
0
Content-Type
application/octet-stream
Date
Wed, 15 Dec 2021 19:49:39 GMT
Pragma
no-cache
Server
nginx/1.19.3
Strict-Transport-Security
max-age=15724800; includeSubDomains
X-Dm-Api-Backend-Response-Time
4
X-Dm-Api-Edge
dm-dc3
X-Dm-Api-Endpoint
/oauth/token
X-Dm-Api-Name
oauth
X-Dm-Api-Version
1
X-Dm-Lb-Name
icscale-01-02
/
graphql.api.dailymotion.com/ Frame 9407 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://graphql.api.dailymotion.com/
Requested by
Host: static1.dmcdn.net
URL: https://static1.dmcdn.net/playerv5/dmp.vendor.dc19b5e1e17ebe5b97db.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
fp.dc3.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
288c0d40a12bfad5e6aab2e4ceb50fa14b4f8e47efc1ed8cb6f91d6409df1d12
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

X-DM-Visitor-Id
2D76E625E425DA859D2C747624244DA0
X-DM-PlayerInfo-Version
v-0.0.2668-rc1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/json
Accept
application/json, text/plain, */*
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Authorization
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhaWQiOiJmMWEzNjJkMjg4YzFiOTgwOTljNyIsInJvbCI6ImNhbi1tYW5hZ2UtcGFydG5lcnMtcmVwb3J0cyBjYW4tcmVhZC12aWRlby1zdHJlYW1zIGNhbi1zcG9vZi1jb3VudHJ5IGNhbi1hZG9wdC11c2VycyBjYW4tcmVhZC1jbGFpbS1ydWxlcyBjYW4tbWFuYWdlLWNsYWltLXJ1bGVzIGNhbi1tYW5hZ2UtdXNlci1hbmFseXRpY3MgY2FuLXJlYWQtbXktdmlkZW8tc3RyZWFtcyBjYW4tZG93bmxvYWQtbXktdmlkZW9zIGFjdC1hcyBhbGxzY29wZXMgYWNjb3VudC1jcmVhdG9yIGNhbi1yZWFkLWFwcGxpY2F0aW9ucyIsInNjbyI6Im1hbmFnZV9zdWJzY3JpcHRpb25zIG1hbmFnZV92aWRlb3MgdXNlcmluZm8iLCJsdG8iOiJPRGQwUlZOVldFbG5mRUJ1ZGxOUklFTS1mbTV6VmpsY0loczhQZyIsImFpbiI6MSwiYWRnIjoxLCJpYXQiOjE2Mzk1OTc3ODAsImV4cCI6MTYzOTYzMzcwMiwiZG12IjoiMSIsImF0cCI6ImJyb3dzZXIiLCJhZGEiOiJ3d3cuZGFpbHltb3Rpb24uY29tIiwidmlkIjoiMkQ3NkU2MjVFNDI1REE4NTlEMkM3NDc2MjQyNDREQTAiLCJmdHMiOjk5MTI5LCJjYWQiOjIsImN4cCI6MiwiY2F1IjoyLCJraWQiOiJBRjg0OURENzNBNTg2M0NEN0Q5N0QwQkFCMDcyMjQzQiJ9.sfREVorVjSyAg1uuF2kk6VEK569hKmxMMOJuG9zTYvc
X-DM-PlayerInfo-Embedder
https://www.aiupnow.com/
X-DM-VisitorInfo-Onsite
0

Response headers

X-Dm-Api-Name
graphql
Date
Wed, 15 Dec 2021 19:49:40 GMT
Content-Encoding
gzip
Vary
origin
X-Dm-Playermetadata-Iscached
0
X-Dm-Api-Version
1
X-Dm-Api-Graphql-Haserror
0
X-Dm-Api-Endpoint
/
Content-Length
1036
X-Dm-Lb-Name
icscale-01-02
X-Dm-Graphql-Engine
Tartiflette
X-Dm-Api-Backend-Response-Time
289
Server
nginx/1.19.3
Strict-Transport-Security
max-age=15724800; includeSubDomains
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.dailymotion.com
Access-Control-Expose-Headers
X-DM-API-Backend-Response-Time, X-DM-API-Edge, X-DM-API-Name, X-DM-API-Version, X-DM-API-Endpoint, X-DM-API-GraphQL-HasError, X-DM-To-Cache, X-DM-Log-URL, X-DM-Tracing-URL, X-DM-API-CDN-Name, X-DM-PlayerMetadata-IsCached
Access-Control-Allow-Credentials
true
X-Dm-Api-Edge
dm-dc3
Access-Control-Max-Age
7200
/
graphql.api.dailymotion.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://graphql.api.dailymotion.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
188.65.124.90 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
fp.dc3.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type,x-dm-playerinfo-embedder,x-dm-playerinfo-version,x-dm-visitor-id,x-dm-visitorinfo-onsite
Origin
https://www.dailymotion.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
authorization,content-type,x-dm-playerinfo-embedder,x-dm-playerinfo-version,x-dm-visitor-id,x-dm-visitorinfo-onsite
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
https://www.dailymotion.com
Access-Control-Expose-Headers
X-DM-API-Backend-Response-Time, X-DM-API-Edge, X-DM-API-Name, X-DM-API-Version, X-DM-API-Endpoint, X-DM-API-GraphQL-HasError, X-DM-To-Cache, X-DM-Log-URL, X-DM-Tracing-URL, X-DM-API-CDN-Name, X-DM-PlayerMetadata-IsCached, authorization,content-type,x-dm-playerinfo-embedder,x-dm-playerinfo-version,x-dm-visitor-id,x-dm-visitorinfo-onsite
Access-Control-Max-Age
7200
Content-Encoding
gzip
Content-Type
text/plain
Date
Wed, 15 Dec 2021 19:49:40 GMT
Server
nginx/1.19.3
Strict-Transport-Security
max-age=15724800; includeSubDomains
X-Dm-Api-Backend-Response-Time
0
X-Dm-Api-Edge
dm-dc3
X-Dm-Api-Endpoint
/
X-Dm-Api-Name
graphql
X-Dm-Api-Version
1
X-Dm-Lb-Name
icscale-01-01
Content-Length
20
dt
dt.adsafeprotected.com/ Frame 9407 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?anId=923995&asId=bdecc063-3ab9-3716-a96d-cd21ecbaf4bf&tv=%7Bc:wTEpsH,pingTime:-10,time:449,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Ni4wLjQ2NjQuOTMgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1639597780103%7C%7C1acb381890363a0b494279cc75d2a74f%7C%7Ca2fdad25d911a8a4b39828759d282361%7C%7C09c64c07bb7b019ae3859fabe2175a17%7C%7Ca9236dbfffe396655573bf3b32485315%7C%7C2c305fb8bac85ac46ee09bc2496cf959%7C%7C46ca4a781d8a535e52ceb4adf98cf5be%7C%7Cc8c61f9f2308ac4f9554d897a02bfcf6%7C%7C1629390669%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.149.196.103 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:40 GMT
x-server-name
dt20.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
db9141e72b
bam-cell.nr-data.net/events/1/ Frame 10D1 		24 B
497 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bam-cell.nr-data.net/events/1/db9141e72b?a=184865423&v=1212.e95d35c&to=ZAMANRNYWxZYAUxeXF1JIwIVUFoLFiNIR297EhYRPXpaC00QV1tfVhQRPTJcUyZWDExFXF8KBxMhSUcKWgdLRA%3D%3D&rst=14120&ck=1&ref=https://snd.click/mjI0tjt
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1212.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer
https://snd.click/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 15 Dec 2021 19:49:41 GMT
CF-Cache-Status
DYNAMIC
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
https://snd.click
access-control-allow-credentials
true
Connection
keep-alive
CF-Ray
6be232523b8354c4-MAN
Content-Length
24
dt
dt.adsafeprotected.com/ Frame 9407 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?anId=923995&asId=bdecc063-3ab9-3716-a96d-cd21ecbaf4bf&tv=%7Bc:wTEpST,pingTime:2,time:2073,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:340,h:191,t:23%7D,%7Bpiv:0,vs:o,r:l,t:60%7D,%7Bpiv:100,vs:i,r:,t:72%7D%5D,ve:%7BvEventCount:16,vEvents:%5B%7Bt:-15,tp:adImpression,sl:undefined,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0,x_vv:3.7.0,x_vanstag:cm,x_xcamp:preroll,x_xplac:ZzlAHLaIDoot5p0FsRXvpg,x_ximp:e74d91e5-6a67-4c60-97ee-49d26bcdaa14,x_xpc:dailymotion%7D,%7Bt:-224,tp:adLoaded,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-223,tp:adError,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0,message:%5Bobject%20Object%5D%7D,%7Bt:-223,tp:adStarted,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-204,tp:adDurationChange,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-33,tp:adDurationChange,sl:n,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:225,tp:resizeAd,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0,width:340,height:191,viewMode:normal%7D,%7Bt:233,tp:adVideoStart,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:233,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:474,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:718,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:969,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:1219,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:1469,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:1721,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:1969,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D%5D%7D,vv:3.7.0,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:2001,o:72,n:60,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:23,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B55~1,0~0%5D,as:%5B55~340.191%5D%7D%7D,%7Bsl:o,t:60,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B12~0%5D,as:%5B12~340.191%5D%7D%7D,%7Bsl:i,t:72,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B2001~100%5D,as:%5B2001~340.191%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jsvid,dtt:694,fm:sRH3bUi+11%7C12%7C13%7C141%7C142%7C15*.923995%7C1511%7C152%7C1531%7C16%7C17%7C181%7C191%7C192%7C1a%7C1b%7C1c1%7C1c2%7C1c3%7C1d%7C1e%7C1f1%7C1f2%7C1g1%7C1g2%7C1h1%7C1h2%7C1i%7C1j%7C1k1%7C1k2%7C1l%7C1m%7C1n11%7C1n12%7C1o1%7C1o2%7C1p%7C1q%7C1r%7C1s%7C1t,idMap:15*,rmeas:1,rend:1,renddet:env%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.149.196.103 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:41 GMT
x-server-name
dt24.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
dt
dt.adsafeprotected.com/ Frame 9407 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?anId=923995&asId=bdecc063-3ab9-3716-a96d-cd21ecbaf4bf&tv=%7Bc:wTEpSU,pingTime:2,time:2074,type:pf,clog:%5B%7Bpiv:-1,vs:n,r:,w:340,h:191,t:23%7D,%7Bpiv:0,vs:o,r:l,t:60%7D,%7Bpiv:100,vs:i,r:,t:72%7D%5D,ve:%7BvEventCount:16,vEvents:%5B%7Bt:-15,tp:adImpression,sl:undefined,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0,x_vv:3.7.0,x_vanstag:cm,x_xcamp:preroll,x_xplac:ZzlAHLaIDoot5p0FsRXvpg,x_ximp:e74d91e5-6a67-4c60-97ee-49d26bcdaa14,x_xpc:dailymotion%7D,%7Bt:-224,tp:adLoaded,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-223,tp:adError,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0,message:%5Bobject%20Object%5D%7D,%7Bt:-223,tp:adStarted,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-204,tp:adDurationChange,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-33,tp:adDurationChange,sl:n,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:225,tp:resizeAd,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0,width:340,height:191,viewMode:normal%7D,%7Bt:233,tp:adVideoStart,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:233,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:474,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:718,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:969,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:1219,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:1469,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:1721,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:1969,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D%5D%7D,vv:3.7.0,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:2002,o:72,n:60,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:23,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B55~1,0~0%5D,as:%5B55~340.191%5D%7D%7D,%7Bsl:o,t:60,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B12~0%5D,as:%5B12~340.191%5D%7D%7D,%7Bsl:i,t:72,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B2002~100%5D,as:%5B2002~340.191%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jsvid,dtt:694,fm:sRH3bUi+11%7C12%7C13%7C141%7C142%7C15*.923995%7C1511%7C152%7C1531%7C16%7C17%7C181%7C191%7C192%7C1a%7C1b%7C1c1%7C1c2%7C1c3%7C1d%7C1e%7C1f1%7C1f2%7C1g1%7C1g2%7C1h1%7C1h2%7C1i%7C1j%7C1k1%7C1k2%7C1l%7C1m%7C1n11%7C1n12%7C1o1%7C1o2%7C1p%7C1q%7C1r%7C1s%7C1t,idMap:15*,rmeas:1,rend:1,renddet:env%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.149.196.103 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:41 GMT
x-server-name
dt27.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
dt
dt.adsafeprotected.com/ Frame 9407 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?anId=923995&asId=bdecc063-3ab9-3716-a96d-cd21ecbaf4bf&tv=%7Bc:wTEpSV,pingTime:2,time:2075,type:c,clog:%5B%7Bpiv:-1,vs:n,r:,w:340,h:191,t:23%7D,%7Bpiv:0,vs:o,r:l,t:60%7D,%7Bpiv:100,vs:i,r:,t:72%7D%5D,ve:%7BvEventCount:16,vEvents:%5B%7Bt:-15,tp:adImpression,sl:undefined,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0,x_vv:3.7.0,x_vanstag:cm,x_xcamp:preroll,x_xplac:ZzlAHLaIDoot5p0FsRXvpg,x_ximp:e74d91e5-6a67-4c60-97ee-49d26bcdaa14,x_xpc:dailymotion%7D,%7Bt:-224,tp:adLoaded,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-223,tp:adError,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0,message:%5Bobject%20Object%5D%7D,%7Bt:-223,tp:adStarted,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-204,tp:adDurationChange,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-33,tp:adDurationChange,sl:n,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:225,tp:resizeAd,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0,width:340,height:191,viewMode:normal%7D,%7Bt:233,tp:adVideoStart,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:233,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:474,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:718,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:969,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:1219,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:1469,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:1721,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:1969,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D%5D%7D,vv:3.7.0,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:2003,o:72,n:60,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:23,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B55~1,0~0%5D,as:%5B55~340.191%5D%7D%7D,%7Bsl:o,t:60,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B12~0%5D,as:%5B12~340.191%5D%7D%7D,%7Bsl:i,t:72,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B2003~100%5D,as:%5B2003~340.191%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jsvid,dtt:694,fm:sRH3bUi+11%7C12%7C13%7C141%7C142%7C15*.923995%7C1511%7C152%7C1531%7C16%7C17%7C181%7C191%7C192%7C1a%7C1b%7C1c1%7C1c2%7C1c3%7C1d%7C1e%7C1f1%7C1f2%7C1g1%7C1g2%7C1h1%7C1h2%7C1i%7C1j%7C1k1%7C1k2%7C1l%7C1m%7C1n11%7C1n12%7C1o1%7C1o2%7C1p%7C1q%7C1r%7C1s%7C1t,idMap:15*,rmeas:1,rend:1,renddet:env,metricId:publ2,cmr:t%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.149.196.103 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:41 GMT
x-server-name
dt01.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
53791720
mc.yandex.com/watch/ 		43 B
145 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/watch/53791720?page-url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&charset=utf-8&browser-info=nb%3A1%3Acl%3A1232%3Aar%3A1%3Agdpr%3A14%3Avf%3Aykcyjkqfph1z85b6in%3Afu%3A1%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A720%3Acn%3A1%3Adp%3A1%3Als%3A527820595439%3Ahid%3A371238071%3Az%3A0%3Ai%3A20211215194942%3Aet%3A1639597782%3Ac%3A1%3Arn%3A110882758%3Arqn%3A2%3Au%3A1639597767748546093%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Aeu%3A1%3Ans%3A1639597765853%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C5880%2C5880%2C19%2C%3Adsn%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C5881%2C5881%2C18%2C%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1639597782&t=gdpr(14)aw(1)lt(63000)ti(0)&force-urlencoded=1
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.aiupnow.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:42 GMT
last-modified
Wed, 15-Dec-2021 19:49:42 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://www.aiupnow.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Wed, 15-Dec-2021 19:49:42 GMT
recordMorpheus
videoevents.outbrain.com/events/ Frame 9407 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://videoevents.outbrain.com/events/recordMorpheus?data=%7B%22eventType%22%3A%22FIRST_QUARTILE%22%2C%22localTime%22%3A%222021-12-15T14%3A49%3A39.360854515%22%2C%22videoClickUrl%22%3A%22https%3A%2F%2Fpaid.outbrain.com%2Fnetwork%2Fredir%3Fp%3DFWc2dpD6DWHBvafGgQ72TehQI_uv4T48BnHfPZPrczRUI47YWXxin5100-g0t1YUUk3_7zaYGamp3SlTkNCn9VzAx8DPkVZy4tIaW92lCTJr7QIVR2e60lfAKpqL-lrycq2TCCS1UQVfZDFII08QMnWsy1FzifSGA38HK1tRUBHo3OM8gQD47wwmJw276kzmRC5bBhKcizcPF2d-gxasNTC5X9CDdTKH08o8cIZWgFOFDtOmENrthCN1fhHOdTSi7OUXBS1hCpTd-B3FCmjz0gHdqLBSa_BfOvyioqK8NY_Ns4MK95zd4027j_L4aCMlA0Sv3Y-9-AAiRbBB7iflksms70tp15bQ_BvNLJPbF4dmZ0eHMpYx13MMSOxP85TGQmGRva26M4YiiSB80Wg_M83XF5nwdvHAwLyZwxgb3gi8r53fFispv7HxdMEGx_rLQ0w5IBxEGXEmF-JgEJN5cSuX1ysusdYn2PR8EG5Wv76IC_mrfhnOopugJX67A-KwQOAqc54xTj727Pt7JKP04BqCboBektJAs-gPz-Rm3pUNyl_YS_cpsac9vfbMdJbCqYkWIIyskDaiuIfO1k2IZrQruYYlz6YYVfeXvesQbLEyjY3BHSQFCWK7d3KX2MiYo8D5bOgv7dftkocsdeo4E3N4xSakehsKH64WCMMHhCfjZOw8ap62qOrJZ1nuLWPUl-esLdv68uttSz7YJTU-IeYm2HcDS2oykTG1vJUZPRC0HmfBmznWFdl16nqHdJosSHvgPwcofod2iMpN7m-yIuUq4zTxYpj_dKSOpUdZXpV8qNacz2HmlMBCz8_X_cvhTjDfsJW1MAzz4rNOqkXsF3bbsjQu6AKHZr4hlQo58RqIm-PVxdMmvsF8E4y3P2zCW59evraZKggyz8nnWfFBQrw5INXzRCSE18HfojEd-hoP2CHK-U7acpjWEucbRjQYDTddHECRz-0Ny96ylT2n9y8BQTVzN7YD6ZFKvWvgvTyjwzGs8ahXpMJuqM2yP_HTaG1Wjbpd35DoEtenySYZcE1wvl5-d8yGoP77tQriV-9ujdJPxChQzIyosOdzM4FT40eHOWRr1WrRbvUcxvQiFf_4WgMF4dFJYBpqciDhvKB3RkoYvyXNVseCTSGHm13MS4i7iQDmQx04BiSYXpv2bo9Qz_kqc9VSirbHODR2lQqnNzDepajp2jWbWXJ_9GYYL2aim_UO2vppjr3kafA2W2USce_PxXY7A5hLR-uTB_NKxe5U_Jm_lDWDm2dZg3b21ODY388DQHgP8ZryvaR7Noy7Ea1fgtEPZ5RQXPPe1hCAtBYTiKwWJBbpJzoj3g7A%26c%3D3dd8b9f7%26v%3D3%22%2C%22videoHeight%22%3A250%2C%22videoWidth%22%3A300%2C%22videoDuration%22%3A10%2C%22pageViewId%22%3A%222f91ddfd3964c34ae45be1afe7213ef1%22%2C%22publisherId%22%3A%221211%22%2C%22sourceId%22%3A%22187095%22%2C%22widgetId%22%3A%22140%22%7D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.42.32.191 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
1st
ae-prod-onprem-ix7.dmxleo.com/v1/ad/ Frame 9407 		0
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ae-prod-onprem-ix7.dmxleo.com/v1/ad/1st?ed=WR5wc8zUCGyGr8H2QSimQyHvmaeZeHzMJJVFDA9nuu8%3d&eb=L%2b4oS269NoVLxmYKQSiNYuS3TrDItDSe54z7MIVCC8k%3d&cpa=-1&cb=62301740&ei=A%2b2QxQI7%2fgfpfY%2fRv8g6ZkHVDt71%2fxnUBBMuwlkH6WEmejzzhW40KTqnMfnRCV0KY5McuQ1lyiTyfKQqw3O3Cw%3d%3d&rk=2&is_nonlinear=false
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.65.124.38 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
icscale-01-pub-ix7.vip.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-dm-lb-name
icscale-01-02
date
Wed, 15 Dec 2021 19:49:42 GMT
server
nginx/1.19.3
strict-transport-security
max-age=15724800; includeSubDomains
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain; charset=UTF-8
access-control-expose-headers
X-DMX-USER-ID
cache-control
no-store
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, X-DMX-USER-ID
content-length
0
events
ae.dmxleo.com/v2/ Frame 9407 		0
298 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ae.dmxleo.com/v2/events?id=e74d91e5-6a67-4c60-97ee-49d26bcdaa14&ts=1639597778.618&cidx=0&sidx=1&rk=2&t=firstQuartile
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.65.124.38 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
icscale-01-pub-ix7.vip.dailymotion.com
Software
nginx/1.19.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-dm-lb-name
icscale-01-02
date
Wed, 15 Dec 2021 19:49:42 GMT
server
nginx/1.19.3
strict-transport-security
max-age=15724800; includeSubDomains
access-control-allow-methods
POST, GET, OPTIONS
access-control-expose-headers
X-DMX-USER-ID
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, X-DMX-USER-ID
content-length
0
dt
dt.adsafeprotected.com/ Frame 9407 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?anId=923995&asId=bdecc063-3ab9-3716-a96d-cd21ecbaf4bf&tv=%7Bc:wTEpZC,pingTime:-4,time:2490,type:m,clog:%5B%7Bpiv:-1,vs:n,r:,w:340,h:191,t:23%7D,%7Bpiv:0,vs:o,r:l,t:60%7D,%7Bpiv:100,vs:i,r:,t:72%7D%5D,ve:%7BvEventCount:18,vEvents:%5B%7Bt:-15,tp:adImpression,sl:undefined,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0,x_vv:3.7.0,x_vanstag:cm,x_xcamp:preroll,x_xplac:ZzlAHLaIDoot5p0FsRXvpg,x_ximp:e74d91e5-6a67-4c60-97ee-49d26bcdaa14,x_xpc:dailymotion%7D,%7Bt:-224,tp:adLoaded,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-223,tp:adError,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0,message:%5Bobject%20Object%5D%7D,%7Bt:-223,tp:adStarted,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-204,tp:adDurationChange,sl:n,ad_duration:0,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:-33,tp:adDurationChange,sl:n,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:225,tp:resizeAd,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0,width:340,height:191,viewMode:normal%7D,%7Bt:233,tp:adVideoStart,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:233,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:474,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:718,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:969,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:1219,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:1469,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:1721,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:1969,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:2218,tp:adDurationChange,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D,%7Bt:2483,tp:adVideoFirstQuartile,sl:i,ad_duration:9.934,ad_offset_left:0,ad_offset_top:0,volume:0%7D%5D%7D,vv:3.7.0,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:1,slTimes:%7Bi:2418,o:72,n:60,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:23,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B55~1,0~0%5D,as:%5B55~340.191%5D%7D%7D,%7Bsl:o,t:60,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B12~0%5D,as:%5B12~340.191%5D%7D%7D,%7Bsl:i,t:72,wc:0.0.1600.1200,ac:NaN.NaN.340.191,am:v,cc:NaN.NaN.340.191,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B2418~100%5D,as:%5B2418~340.191%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jsvid,dtt:189,fm:sRH3bUi+11%7C12%7C13%7C141%7C142%7C15*.923995%7C1511%7C152%7C1531%7C16%7C17%7C181%7C191%7C192%7C1a%7C1b%7C1c1%7C1c2%7C1c3%7C1d%7C1e%7C1f1%7C1f2%7C1g1%7C1g2%7C1h1%7C1h2%7C1i%7C1j%7C1k1%7C1k2%7C1l%7C1m%7C1n11%7C1n12%7C1o1%7C1o2%7C1p%7C1q%7C1r%7C1s%7C1t,idMap:15*,rmeas:1,rend:1,renddet:env%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.149.196.103 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Dec 2021 19:49:42 GMT
x-server-name
dt10.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
p2
sb.scorecardresearch.com/ Frame 9407
Redirect Chain
  • https://sb.scorecardresearch.com/p?c1=19&c2=4000005&ns_ap_an=unknown&ns_ap_pn=js&ns_ap_pv=5&c12=_&name=foreground&ns_ap_ec=1&ns_ap_ev=start&ns_ap_device=Linux%20x86_64&ns_ap_id=1639597783628&ns_ap_...
  • https://sb.scorecardresearch.com/p2?c1=19&c2=4000005&ns_ap_an=unknown&ns_ap_pn=js&ns_ap_pv=5&c12=_&name=foreground&ns_ap_ec=1&ns_ap_ev=start&ns_ap_device=Linux%20x86_64&ns_ap_id=1639597783628&ns_ap...
64 B
329 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/p2?c1=19&c2=4000005&ns_ap_an=unknown&ns_ap_pn=js&ns_ap_pv=5&c12=_&name=foreground&ns_ap_ec=1&ns_ap_ev=start&ns_ap_device=Linux%20x86_64&ns_ap_id=1639597783628&ns_ap_csf=1&ns_ap_bi=unknown&ns_ap_pfm=webbrowser&ns_ap_pfv=Chrome%2096.0.4664.93&ns_ap_ver=unknown&ns_ap_sv=7.6.0.210114&ns_ap_bv=7.6.0.210114&ns_ap_smv=6.4&ns_type=view&ns_ap_gs=1639597778619&ns_ts=1639597778619&ns_ap_cfg=1110101-110-3C-7D0-A-1F-1E-1E-12C-A&ns_ap_env=0-0-2&ns_ap_ut=60000&ns_ap_ar=unknown&ns_ap_cs=1&ns_ap_fg=1&ns_ap_dft=0&ns_ap_dbt=0&ns_ap_dit=0&ns_ap_as=1&ns_ap_das=0&ns_ap_usage=0&ns_radio=unknown&gdpr=1&gdpr_consent=&ns_ap_install=1639597778619&ns_ap_ft=0&ns_ap_bt=0&ns_ap_it=0&ns_ap_res=340x191&ns_ap_sd=1600x1200&ns_ap_po=0x0&ns_ap_lang=en-US&ns_ap_jb=unknown&ns_c=UTF-8&c7=https%3A%2F%2Fwww.dailymotion.com%2Fembed%2Fvideo%2Fx7zgqmr%3Fautoplay%3D1%26mute%3D1&c8=Dailymotion%20Video%20Player&c9=https%3A%2F%2Fwww.aiupnow.com%2F
Protocol
H2
Server
13.225.87.89 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:43 GMT
via
1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
etag
W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache
Miss from cloudfront
content-type
image/gif; charset=utf-8
content-length
64
x-amz-cf-id
4m1rnWn10sXkNWc6ZFVXxCzVZjfH7pm8EoVbLtLbxExy7osy7_mZGA==

Redirect headers

date
Wed, 15 Dec 2021 19:49:43 GMT
via
1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
vary
Accept
x-cache
Miss from cloudfront
content-type
text/plain; charset=utf-8
location
https://sb.scorecardresearch.com/p2?c1=19&c2=4000005&ns_ap_an=unknown&ns_ap_pn=js&ns_ap_pv=5&c12=_&name=foreground&ns_ap_ec=1&ns_ap_ev=start&ns_ap_device=Linux%20x86_64&ns_ap_id=1639597783628&ns_ap_csf=1&ns_ap_bi=unknown&ns_ap_pfm=webbrowser&ns_ap_pfv=Chrome%2096.0.4664.93&ns_ap_ver=unknown&ns_ap_sv=7.6.0.210114&ns_ap_bv=7.6.0.210114&ns_ap_smv=6.4&ns_type=view&ns_ap_gs=1639597778619&ns_ts=1639597778619&ns_ap_cfg=1110101-110-3C-7D0-A-1F-1E-1E-12C-A&ns_ap_env=0-0-2&ns_ap_ut=60000&ns_ap_ar=unknown&ns_ap_cs=1&ns_ap_fg=1&ns_ap_dft=0&ns_ap_dbt=0&ns_ap_dit=0&ns_ap_as=1&ns_ap_das=0&ns_ap_usage=0&ns_radio=unknown&gdpr=1&gdpr_consent=&ns_ap_install=1639597778619&ns_ap_ft=0&ns_ap_bt=0&ns_ap_it=0&ns_ap_res=340x191&ns_ap_sd=1600x1200&ns_ap_po=0x0&ns_ap_lang=en-US&ns_ap_jb=unknown&ns_c=UTF-8&c7=https%3A%2F%2Fwww.dailymotion.com%2Fembed%2Fvideo%2Fx7zgqmr%3Fautoplay%3D1%26mute%3D1&c8=Dailymotion%20Video%20Player&c9=https%3A%2F%2Fwww.aiupnow.com%2F
content-length
967
x-amz-cf-id
CeyEPFOCcy0hm6dFzXHrWI12J5h224BpfZWNuQjfjAFEB3WBCxS3jQ==
p2
sb.scorecardresearch.com/ Frame 9407
Redirect Chain
  • https://sb.scorecardresearch.com/p?c1=19&c2=4000005&ns_ap_an=unknown&ns_ap_pn=js&ns_ap_pv=5&c12=_&name=foreground&ns_ap_ec=2&ns_ap_ev=hidden&ns_ap_device=Linux%20x86_64&ns_ap_id=1639597783628&ns_ap...
  • https://sb.scorecardresearch.com/p2?c1=19&c2=4000005&ns_ap_an=unknown&ns_ap_pn=js&ns_ap_pv=5&c12=_&name=foreground&ns_ap_ec=2&ns_ap_ev=hidden&ns_ap_device=Linux%20x86_64&ns_ap_id=1639597783628&ns_a...
64 B
328 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/p2?c1=19&c2=4000005&ns_ap_an=unknown&ns_ap_pn=js&ns_ap_pv=5&c12=_&name=foreground&ns_ap_ec=2&ns_ap_ev=hidden&ns_ap_device=Linux%20x86_64&ns_ap_id=1639597783628&ns_ap_bi=unknown&ns_ap_pfm=webbrowser&ns_ap_pfv=Chrome%2096.0.4664.93&ns_ap_ver=unknown&ns_ap_sv=7.6.0.210114&ns_ap_bv=7.6.0.210114&ns_ap_smv=6.4&ns_type=hidden&ns_ts=1639597779874&ns_ap_env=0-0-2&ns_st_sv=7.6.0.210114&ns_st_smv=6.4&ns_st_it=c&ns_st_id=cc2ecf73baed48448bf1c4a56f7618d2&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_sp=1&ns_st_sc=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_dppc=1&ns_st_dapc=1&ns_st_dspc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_po=0&ns_st_lda=0&ns_st_ldw=0&ns_st_ldo=0&ns_st_hd=10001&ns_st_mp=unknown&ns_st_mv=unknown&ns_st_cl=10000&ns_st_pn=1&ns_st_tp=1&ns_st_ct=va11&ns_st_ad=pre-roll&ns_st_li=0&ns_st_ty=video&ns_st_ci=x7zgqmr&ns_ap_ar=unknown&ns_ap_cs=1&ns_radio=unknown&ns_st_pt=0&ns_st_ipt=0&ns_st_iap=0&ns_st_iet=0&ns_st_iupc=0&ns_st_iupa=0&ns_st_ilpc=0&ns_st_ilpa=0&ns_st_ibc=0&ns_st_ibt=0&ns_st_itpc=0&ns_st_icpc=0&ns_st_cfg=111110001-5-4b0-3-5&ns_st_rcn=2&ns_st_cpo=0&c3=Dailymotion_Music&c4=0400&c6=*null&ns_st_bn=1&ns_st_an=1&ns_st_ce=*null&ns_st_ia=*null&ns_st_pu=BruceDayne&ns_st_st=BruceDayne&ns_st_pr=Aerobic%20Trap%20Melody%20-%20Smooth%20Trap%20Beat%20%7C%20Instrumental%20Music&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_ge=BruceDayne%2CBeats%20by%20BruceDayne%2CTrap%20Bluez%2Ctrapbluez%2Ctrap%20type%20beat%202021%2Ctrap%20type%20beats%202021%2Ctrap%20instrumental%202021%2Caerobic%2Caerobic%20trap%20beat%2Caerobic%20trap%20type%20beat%2Caerobic%20trap%20type%20beats%2Caerobic%20hip%20hop%20beat%2Caerobic%20hip%20hop%20instrumental%2Caerobic%20trap%20instrumental%2Caerobic%20type%20beat%2Caerobic%20type%20beats%2Caerobic%20type%20beat%202021%2Ctrap%20type%20beat%202020%2Ctrap%20type%20beat%20free%20for%20profit%2Ctrap%20type%20beat%202019%2Ctrap%20type%20beat%20free%2Ctrap%20type%20beat%20instrumental%2Ctrap%20type%20beat%20with%20hook%2Ctrap%20type%20beat%202020%20free%2Ctrap%20type%20beat%20anuel%2Ctrap%20type%20beat%20anime%2Ctrap%20type%20beat%20asap%20rocky%2Ctrap%20type%20beat%20artwork%2Caggressive%20trap%20type%20beat%2Ctrap%20type%20beat%20afro%2Ctrap%20type%20beat%20atlanta%2Ctrap%20type%20beat%20asan%2Ca%20boogie%20trap%20type%20beat%2Ctrap%20type%20beat%20bass%2Ctrap%20type%20beat%20bass%20boosted%2Ctrap%20type%20beat%20bad%20bunny%2Ctrap%20type%20beat%20boo%2Ctrap%20type%20beat%20boom%20bap%2Ctrap%20type%20beat%20banger%2Ctrap%20type%20beat%20bryant%20myers%2Ctrap%20type%20beat%20bells%2Csmooth%20rb%20trap%20type%20beat%2Cr%20n%20b%20trap%20type%20beat%2Crnb%20trap%20type%20beat%202020%2C90s%20rnb%20trap%20type%20beat%2Ccardi%20b%20trap%20type%20beat%2Crb%20trap%20type%20beat%20playlist%2Ctrap%20rnb%20type%20beats%2C808%20rb%20trap%20type%20beat&ns_st_dskc=0&ns_st_dska=0&ns_st_skd=0&ns_st_dskt=0&ns_st_dpc=0&gdpr=1&gdpr_consent=&ns_ap_res=340x191&ns_ap_sd=1600x1200&ns_ap_po=0x0&ns_ap_lang=en-US&ns_c=UTF-8&ns_st_lt=12209&ns_st_br=0&ns_st_rt=100&ns_st_vo=100&ns_st_pb=1&ns_st_dpt=0&ns_st_ap=0&ns_st_dap=0&ns_st_et=0&ns_st_det=0&ns_st_upc=0&ns_st_dupc=0&ns_st_upa=0&ns_st_dupa=0&ns_st_lpc=0&ns_st_dlpc=0&ns_st_lpa=0&ns_st_dlpa=0&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_dtpc=0&ns_st_dcpc=0&ns_st_skc=0&ns_st_ska=0&ns_st_skt=0&ns_st_pc=0&ns_st_pp=0&ns_st_pa=0&c7=https%3A%2F%2Fwww.dailymotion.com%2Fembed%2Fvideo%2Fx7zgqmr%3Fautoplay%3D1%26mute%3D1&c8=Dailymotion%20Video%20Player&c9=https%3A%2F%2Fwww.aiupnow.com%2F&ns_st_ub=0&ns_st_ti=*null
Protocol
H2
Server
13.225.87.89 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 19:49:43 GMT
via
1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
etag
W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache
Miss from cloudfront
content-type
image/gif; charset=utf-8
content-length
64
x-amz-cf-id
CYcfplyj0PEhchaHjiayjTF0aiVrqRxqKHg_bsRw0rcmmLN33SxSAQ==

Redirect headers

date
Wed, 15 Dec 2021 19:49:43 GMT
via
1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
vary
Accept
x-cache
Miss from cloudfront
content-type
text/plain; charset=utf-8
location
https://sb.scorecardresearch.com/p2?c1=19&c2=4000005&ns_ap_an=unknown&ns_ap_pn=js&ns_ap_pv=5&c12=_&name=foreground&ns_ap_ec=2&ns_ap_ev=hidden&ns_ap_device=Linux%20x86_64&ns_ap_id=1639597783628&ns_ap_bi=unknown&ns_ap_pfm=webbrowser&ns_ap_pfv=Chrome%2096.0.4664.93&ns_ap_ver=unknown&ns_ap_sv=7.6.0.210114&ns_ap_bv=7.6.0.210114&ns_ap_smv=6.4&ns_type=hidden&ns_ts=1639597779874&ns_ap_env=0-0-2&ns_st_sv=7.6.0.210114&ns_st_smv=6.4&ns_st_it=c&ns_st_id=cc2ecf73baed48448bf1c4a56f7618d2&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_sp=1&ns_st_sc=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_dppc=1&ns_st_dapc=1&ns_st_dspc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_po=0&ns_st_lda=0&ns_st_ldw=0&ns_st_ldo=0&ns_st_hd=10001&ns_st_mp=unknown&ns_st_mv=unknown&ns_st_cl=10000&ns_st_pn=1&ns_st_tp=1&ns_st_ct=va11&ns_st_ad=pre-roll&ns_st_li=0&ns_st_ty=video&ns_st_ci=x7zgqmr&ns_ap_ar=unknown&ns_ap_cs=1&ns_radio=unknown&ns_st_pt=0&ns_st_ipt=0&ns_st_iap=0&ns_st_iet=0&ns_st_iupc=0&ns_st_iupa=0&ns_st_ilpc=0&ns_st_ilpa=0&ns_st_ibc=0&ns_st_ibt=0&ns_st_itpc=0&ns_st_icpc=0&ns_st_cfg=111110001-5-4b0-3-5&ns_st_rcn=2&ns_st_cpo=0&c3=Dailymotion_Music&c4=0400&c6=*null&ns_st_bn=1&ns_st_an=1&ns_st_ce=*null&ns_st_ia=*null&ns_st_pu=BruceDayne&ns_st_st=BruceDayne&ns_st_pr=Aerobic%20Trap%20Melody%20-%20Smooth%20Trap%20Beat%20%7C%20Instrumental%20Music&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_ge=BruceDayne%2CBeats%20by%20BruceDayne%2CTrap%20Bluez%2Ctrapbluez%2Ctrap%20type%20beat%202021%2Ctrap%20type%20beats%202021%2Ctrap%20instrumental%202021%2Caerobic%2Caerobic%20trap%20beat%2Caerobic%20trap%20type%20beat%2Caerobic%20trap%20type%20beats%2Caerobic%20hip%20hop%20beat%2Caerobic%20hip%20hop%20instrumental%2Caerobic%20trap%20instrumental%2Caerobic%20type%20beat%2Caerobic%20type%20beats%2Caerobic%20type%20beat%202021%2Ctrap%20type%20beat%202020%2Ctrap%20type%20beat%20free%20for%20profit%2Ctrap%20type%20beat%202019%2Ctrap%20type%20beat%20free%2Ctrap%20type%20beat%20instrumental%2Ctrap%20type%20beat%20with%20hook%2Ctrap%20type%20beat%202020%20free%2Ctrap%20type%20beat%20anuel%2Ctrap%20type%20beat%20anime%2Ctrap%20type%20beat%20asap%20rocky%2Ctrap%20type%20beat%20artwork%2Caggressive%20trap%20type%20beat%2Ctrap%20type%20beat%20afro%2Ctrap%20type%20beat%20atlanta%2Ctrap%20type%20beat%20asan%2Ca%20boogie%20trap%20type%20beat%2Ctrap%20type%20beat%20bass%2Ctrap%20type%20beat%20bass%20boosted%2Ctrap%20type%20beat%20bad%20bunny%2Ctrap%20type%20beat%20boo%2Ctrap%20type%20beat%20boom%20bap%2Ctrap%20type%20beat%20banger%2Ctrap%20type%20beat%20bryant%20myers%2Ctrap%20type%20beat%20bells%2Csmooth%20rb%20trap%20type%20beat%2Cr%20n%20b%20trap%20type%20beat%2Crnb%20trap%20type%20beat%202020%2C90s%20rnb%20trap%20type%20beat%2Ccardi%20b%20trap%20type%20beat%2Crb%20trap%20type%20beat%20playlist%2Ctrap%20rnb%20type%20beats%2C808%20rb%20trap%20type%20beat&ns_st_dskc=0&ns_st_dska=0&ns_st_skd=0&ns_st_dskt=0&ns_st_dpc=0&gdpr=1&gdpr_consent=&ns_ap_res=340x191&ns_ap_sd=1600x1200&ns_ap_po=0x0&ns_ap_lang=en-US&ns_c=UTF-8&ns_st_lt=12209&ns_st_br=0&ns_st_rt=100&ns_st_vo=100&ns_st_pb=1&ns_st_dpt=0&ns_st_ap=0&ns_st_dap=0&ns_st_et=0&ns_st_det=0&ns_st_upc=0&ns_st_dupc=0&ns_st_upa=0&ns_st_dupa=0&ns_st_lpc=0&ns_st_dlpc=0&ns_st_lpa=0&ns_st_dlpa=0&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_dtpc=0&ns_st_dcpc=0&ns_st_skc=0&ns_st_ska=0&ns_st_skt=0&ns_st_pc=0&ns_st_pp=0&ns_st_pa=0&c7=https%3A%2F%2Fwww.dailymotion.com%2Fembed%2Fvideo%2Fx7zgqmr%3Fautoplay%3D1%26mute%3D1&c8=Dailymotion%20Video%20Player&c9=https%3A%2F%2Fwww.aiupnow.com%2F&ns_st_ub=0&ns_st_ti=*null
content-length
3609
x-amz-cf-id
dNi-0DxJ7FVgPIHSXnphjbD0WaShW2Q_IQKuhNIt_ZTgecAcpq2uAw==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.dailymotion.com
URL
https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Domain
www.facebook.com
URL
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Faiupnow%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&appId=1997641080334383
Domain
open.spotify.com
URL
https://open.spotify.com/follow/1?uri=spotify:artist:7MGsRbZ2l9Yi22CxuFpi1H?si=Gc_gop-YRV-hvsLIPOpT5Q&size=detail&theme=light
Domain
snd.click
URL
https://snd.click/mjI0tjt?embed=1
Domain
googleads.g.doubleclick.net
URL
https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-1342347843351338&output=html&h=250&slotname=3651997524&adk=4109335272&adf=556582571&pi=t.ma~as.3651997524&w=250&lmt=1639580699&psa=0&format=250x250&url=https%3A%2F%2Fwww.aiupnow.com%2F2021%2F12%2Fhackers-using-malicious-iis-server.html&flash=0&host=ca-host-pub-1556223355139109&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597766616&bpp=1&bdt=338&idt=1&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=6217839419993&frm=20&pv=1&ga_vid=1224592578.1639597767&ga_sid=1639597767&ga_hid=2040115033&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=3465&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753739&oid=2&pvsid=1607043423101883&pem=630&tmod=842&ref=https%3A%2F%2Ft.co%2FIMBWIxzlWq&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&btvi=1&fsb=1&xpc=mJaJBCYa8E&p=https%3A//www.aiupnow.com&dtd=5

Verdicts & Comments Add Verdict or Comment

206 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 object| 26 object| 27 object| 28 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| _mNHandle string| medianet_versionId function| fbq function| _fbq object| webpackChunkpublisher_sdk function| Shareaholic string| GoogleAnalyticsObject function| ga function| $ function| jQuery function| loadCSS object| adsbygoogle number| perPage object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state object| google_persistent_state_async boolean| _gfp_a_ object| google_sa_queue object| google_sl_win function| google_process_slots boolean| google_apltlad function| google_spfd number| google_lpabyc number| google_unique_id object| google_sv_map string| google_user_agent_client_hint string| disqus_shortname number| infolinks_pid number| infolinks_wsid object| $iceboot object| INFOLINKS object| gapi object| ___jsl object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| _mN object| _mNSrv function| setup string| _mN_Idf undefined| _mN_ctr string| _mN_ctrM object| mnjs object| hbCMBidxc object| _mNDetails function| _cmL1Require function| _cmL1Define undefined| _mNE function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| FB object| creditsyear function| ym string| no_image object| month_format string| more_text string| comments_text string| pagenav_prev string| pagenav_next string| POSTPAGER_OLDER string| POSTPAGER_NEWER string| s string| o string| u function| selectnav object| jQuery111007687505175406069 undefined| jQuery111007687505175406069_1639597766401 undefined| jQuery111007687505175406069_1639597766403 undefined| jQuery111007687505175406069_1639597766405 undefined| jQuery111007687505175406069_1639597766407 undefined| jQuery111007687505175406069_1639597766409 function| BLOG_attachCsiOnload function| _WidgetManager function| _WidgetInfo function| widget_module_provide function| _AdSenseView function| _BlogArchiveView function| _AttributionView function| _BlogView function| _BlogListView function| _BlogSearchView function| _ContactFormView function| _ExampleView function| _FeaturedPostView function| _FeedView function| _FollowersView function| _HeaderView function| _TextView function| _HTMLView function| _ImageView function| _LabelView function| _TextListView function| _LinkListView function| _BloggerButtonView function| _NavbarView function| _PageListView function| _PollView function| _PopularPostsView function| _ProfileView function| _RecentPostsView function| _ReportAbuseView function| _SharingView function| _StatsView function| _SubscribeView function| _SW_toggleReaderList function| _SW_hideReaderList function| _TranslateView function| _WikipediaView string| __wavt function| __gjsload__ object| cookieChoices number| level number| offset undefined| jQuery111007687505175406069_1639597766411 undefined| jQuery111007687505175406069_1639597766413 function| _typeof object| $ice object| $infolinks object| osapi object| gadgets object| shindig object| iframer function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow boolean| publisherConfigLoaded function| disqus_config object| DISQUS function| disqus_recommendations_config number| widthCompare object| __gapi_jstiming__ object| help object| hgb object| userfeedback object| Ya object| yaCounter53791720 function| vglnk number| $iceId object| DISQUS_RECOMMENDATIONS function| JSONP_7341 function| JSONP_7464 object| VK function| JSONP_7114 boolean| __v5k function| vl_cB function| vl_disable function| vglnk_16395977678866 undefined| vglnk_16395977678867 function| __shareaholicAdsBannerLoaded object| bubble object| skins object| googletag undefined| vglnk_16395977683159 object| google_llp object| GoogleGcLKhOms object| google_image_requests

75 Cookies

Domain/Path Name / Value
.googleusercontent.com/docs/securesc/n4tt96pmlq8gcqn3bf4ktb9vdim3i29o Name: AUTH_g3em8o88f8b227jtmi1c4ldbnevt56pe
Value: 14799480645933431078Z|1639597725000|fde44ukb5b13v8qsjrq3ikijtg57d4q4
www.aiupnow.com/2021/12 Name: logglytrackingsession
Value: 5f655d49-797e-48aa-b4f3-d7e3e263fc6d
.t.co/ Name: muc
Value: 1e3e9d9b-03a1-4339-bfe8-d740e9dce15f
.t.co/ Name: muc_ads
Value: 1e3e9d9b-03a1-4339-bfe8-d740e9dce15f
.google.com/ Name: NID
Value: 511=efhkjT9ARU89coZekR85f2jSV7mHzttFAxrin-BdhDmvXkkzQgYxtY6Z2k-rivKwfXScs3BWPxg6CXs2SY312U2Y-llyHlR8MDAX7sVs4TqkFaJkIQWH5uC1e1IKH6fLQaTFrSsT6m5-Qoe0SKCD-AL4zgCRQD1IgJxuxF81ejo
.aiupnow.com/ Name: _ga
Value: GA1.2.1224592578.1639597767
.aiupnow.com/ Name: _gid
Value: GA1.2.496403826.1639597767
.aiupnow.com/ Name: _gat_blogger
Value: 1
.youtube.com/ Name: YSC
Value: 2tSSWj9o0mI
.dailymotion.com/ Name: v1st
Value: 2D76E625E425DA859D2C747624244DA0
.dailymotion.com/ Name: dmvk
Value: 61ba46c6b6487
.dailymotion.com/ Name: ts
Value: 99129
.spotify.com/ Name: sp_t
Value: 1318378de62284a0acf47854a6a75612
.spotify.com/ Name: sp_landing
Value: https%3A%2F%2Fopen.spotify.com%2Ffollow%2F1
.aiupnow.com/ Name: __gads
Value: ID=f86b702828c79449-224155e707cd009a:T=1639597766:RT=1639597766:S=ALNI_MYVZ1P1L_5rVzcXrynIpBlszEEmDA
.infolinks.com/ Name: cuid
Value: 4f54a640-192c-4552-9b8a-a2b7cdd84f4b
.aiupnow.com/ Name: _fbp
Value: fb.1.1639597766969.183938558
.aiupnow.com/ Name: _ym_uid
Value: 1639597767748546093
.aiupnow.com/ Name: _ym_d
Value: 1639597767
.mc.yandex.com/ Name: sync_cookie_csrf
Value: 2219733437fake
www.aiupnow.com/ Name: cookie_consent
Value: seen
.mc.yandex.ru/ Name: sync_cookie_csrf
Value: 3714002230fake
.aiupnow.com/ Name: _ym_isad
Value: 2
.yahoo.com/ Name: A3
Value: d=AQABBMdGumECELtt0wrrfsE-Z9vZkegNmE4FEgEBAQGYu2HEYQAAAAAA_eMAAA&S=AQAAAtxMaTJQ-p6WrGSeFnpoJsQ
.advertising.com/ Name: APID
Value: UP1ca20380-5de0-11ec-9300-06a1c97fae8c
.vk.com/ Name: remixlang
Value: 6
.adnxs.com/ Name: uuid2
Value: 4698782594569488495
.pubmatic.com/ Name: KTPCACOOKIE
Value: YES
.casalemedia.com/ Name: CMID
Value: YbpGxyxA38x5-C53HMfxAgAA
.casalemedia.com/ Name: CMPS
Value: 5223
.pubmatic.com/ Name: SyncRTB3
Value: 1640736000%3A220
.pubmatic.com/ Name: KADUSERCOOKIE
Value: DB27BCFB-049B-4C7D-880C-0FAA4FF40F37
.lijit.com/ Name: ljt_reader
Value: 80e385a2cd395028e7ada327
.casalemedia.com/ Name: CMPRO
Value: 1125
.dailymotion.com/ Name: usprivacy
Value: 1---
.doubleclick.net/ Name: IDE
Value: AHWqTUkZg5G26WEAOYWyBTGaJMl3q5LR8NnVXUYHZmhbaABELzYGIDYrdPvoYdfgsqk
.analytics.yahoo.com/ Name: IDSYNC
Value: "192u~223v:18xp~223v"
.yahoo.com/ Name: APID
Value: UP1ca20380-5de0-11ec-9300-06a1c97fae8c
.yahoo.com/ Name: APIDTS
Value: 1639597767
.yandex.com/ Name: yandexuid
Value: 60117931639597767
.yandex.com/ Name: yuidss
Value: 60117931639597767
mc.yandex.com/ Name: yabs-sid
Value: 1005648571639597767
.yandex.com/ Name: i
Value: X1Y84czXqSVFoTwU6bOhvnsLP9GNOBhfnAjC1ACJOY/cCHAJyZCs+27VGeEx7SPMUeyytOjxXMgzFv8G2EgWqlUBTEQ=
.yandex.com/ Name: ymex
Value: 1671133767.yrts.1639597767#1671133767.yrtsi.1639597767
.adsrvr.org/ Name: TDID
Value: 943e32d1-329a-459e-9174-6c314397aa75
.pubmatic.com/ Name: PUBMDCID
Value: 3
.adsrvr.org/ Name: TDCPM
Value: CAEYBSABKAIyCwiG4ZTB14OgOhAFOAE.
.infolinks.com/ Name: VRUSERCOOKIE
Value: y-DF03DjZE2uFq6CQ3Cx4PgTZLKm8CFmUAzrgjUUw-~A
.infolinks.com/ Name: OUTHUSERCOOKIE
Value: y-JjE8PO9E2uEcCTwca_SrLhbDo0NCSyOS~A~UP1ca20380-5de0-11ec-9300-06a1c97fae8c
.pubmatic.com/ Name: pi
Value: 60809:3
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 3
.w55c.net/ Name: wfivefivec
Value: 8mQzji861MXAhi5
.casalemedia.com/ Name: CMST
Value: YbpGx2G6RsgA
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-4ae237c3-3670-48ad-9645-58db8dee2626-003%22%7D
.infolinks.com/ Name: ANUSERCOOKIE
Value: 4698782594569488495
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAAAOMSNrIwNDA2NDM1NTA1MTAxsDQ2sBDiM9SNKgvyyQgMqjLyynUGAAhiD9UlAAAA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAAAFslzmtoZmxpamlubmZhaGYBAHn-ECoQAAAA
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAAAOMSNrIwNDA2NDM1NTA1MTAxsDQ2sBDiM9SNKgvyyQgMqjLyynWW4jU0M7Y0tTQ3N7MwNLMAAKj4UhM0AAAA
.infolinks.com/ Name: SOVRNUSERCOOKIE
Value: 80e385a2cd395028e7ada327
.infolinks.com/ Name: IXUSERCOOKIE
Value: YbpGxyxA38x5-C53HMfxAgAA&1125
.w55c.net/ Name: matchcasale
Value: 5
.aiupnow.com/ Name: _ym_visorc
Value: w
.infolinks.com/ Name: PUBMUSERCOOKIE
Value: DB27BCFB-049B-4C7D-880C-0FAA4FF40F37
.infolinks.com/ Name: ZTUSERCOOKIE
Value: 2810316550540409308
.casalemedia.com/ Name: CMRUM3
Value: 4061ba46c82760no-consent&e661ba46c72760&c461ba46c705a0&2d61ba46c82760CAESENKsDhhBcSx0y2C79SPv9qU&2f61ba46c705a0&2761ba46c70b40&f161ba46c705a0&2961ba46c705a0
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-4ae237c3-3670-48ad-9645-58db8dee2626-003%22%7D
.infolinks.com/ Name: KADUSERCOOKIE
Value: DB27BCFB-049B-4C7D-880C-0FAA4FF40F37~1639597854952
.infolinks.com/ Name: R1USERCOOKIE
Value: RX-4ae237c3-3670-48ad-9645-58db8dee2626-003
.doubleclick.net/ Name: DSID
Value: NO_DATA
disqus.com/ Name: __jid
Value: 8sjbs861fr9j65
.disqus.com/ Name: disqus_unique
Value: 8sjbsfr1nsme6v
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: Lt3dr7nIOYY
.nr-data.net/ Name: JSESSIONID
Value: a427d9da989c968b
.cpx.to/ Name: cpSess
Value: 789fa3c46f407d2d
.cpx.to/ Name: dsp_app_nexus
Value: 4698782594569488495#1639597771715

235 Console Messages

Source Level URL
Text
security error URL: https://t.co/IMBWIxzlWq
Message:
Unrecognized Content-Security-Policy directive 'referrer'.
security warning URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js(Line 2)
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js(Line 2)
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js(Line 2)
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=yIl2AUoC8zA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=dnMXMwOfBR0'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=7Q72WNTAKBA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=yIl2AUoC8zA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=dnMXMwOfBR0'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=7Q72WNTAKBA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=yIl2AUoC8zA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=dnMXMwOfBR0'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~ff/AmazonWebServicesBlog?d=7Q72WNTAKBA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://3.bp.blogspot.com/-Yw8BIuvwoSQ/VsjkCIMoltI/AAAAAAAAC4c/s55PW6xEKn0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security warning URL: https://sigma2.disqus.com/embed.js(Line 46)
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://sigma2.disqus.com/embed.js(Line 46)
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://sigma2.disqus.com/embed.js(Line 46)
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://1.bp.blogspot.com/-eAeO-DYJDws/Vkqtj4HFBFI/AAAAAAAAB0o/Q5OLsyONXM0/s1600-r/nth.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~r/wmexperts/~4/XMvfuvRqk3g'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html
Message:
Mixed Content: The page at 'https://www.aiupnow.com/2021/12/hackers-using-malicious-iis-server.html' was loaded over HTTPS, but requested an insecure element 'http://feeds.feedburner.com/~r/wmexperts/~4/tkpYeuiT0cA'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network error URL: https://mc.yandex.com/sync_cookie_image_decide?token=9488.wBjxFeK7vclJkKhmvzToi20KoqPAQjtUTCAuxaOFw4t-ocmVozMDKgQCmP1VrDGX0r7gwUvcCbgoqfzuSBZYDw%2C%2C.AxV6lBxREQ6fUk0zEFcO5rJ72Uo%2C
Message:
Failed to load resource: the server responded with a status of 400 ()
worker info URL: blob:https://www.dailymotion.com/26fa9103-34aa-4d07-9328-342207060ff3
Message:
[log] > manifest codec:mp4a.40.5,ADTS data:type:2,sampleingIndex:7[22050Hz],channelConfig:2
worker info URL: blob:https://www.dailymotion.com/26fa9103-34aa-4d07-9328-342207060ff3
Message:
[log] > parsed codec:mp4a.40.5,rate:22050,nb channel:2
worker info URL: blob:https://www.dailymotion.com/26fa9103-34aa-4d07-9328-342207060ff3
Message:
[log] > audio sampling rate : 22050
network error URL: https://snd.click/landing/js%7D/jcarousel/jquery.easing-1.3.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://snd.click/landing/js%7D/jcarousel/jquery.easing-1.3.js
Message:
Failed to load resource: the server responded with a status of 404 ()
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
javascript warning URL: https://www.dailymotion.com/embed/video/x7zgqmr?autoplay=1&mute=1
Message:
The resource https://imasdk.googleapis.com/js/sdkloader/ima3.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1#RS-1-&adk=1812271801&client=ca-pub-1342347843351338&fa=1&ifi=11&uci=a!b&btvi=5
Message:
The resource https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
network error URL: https://www.dailymotion.com/embed/video/2f91ddfd3964c34ae45be1afe7213ef1
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy referrer always;
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
3.bp.blogspot.com
4.bp.blogspot.com
a.disquscdn.com
accounts.google.com
adservice.google.com
adservice.google.de
ae-prod-onprem-ix7.dmxleo.com
ae.dmxleo.com
ajax.googleapis.com
analytics.shareaholic.com
ap.lijit.com
api.bufferapp.com
api.pinterest.com
api.tumblr.com
api.viglink.com
apis.google.com
b1sync.zemanta.com
bam-cell.nr-data.net
blogs.windows.com
c.disquscdn.com
cdn.iubenda.com
cdn.shareaholic.net
cdn.viglink.com
cdnjs.cloudflare.com
cm.adgrx.com
cm.g.doubleclick.net
connect.facebook.net
connect.ok.ru
contextual.media.net
d2908q01vomqb2.cloudfront.net
de.tynt.com
disqus.com
dmxleo.dailymotion.com
doc-0o-0c-docs.googleusercontent.com
docs.google.com
drive.google.com
dsp.adkernel.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
feeds.feedburner.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
graphql.api.dailymotion.com
gu.dyntrk.com
i.scdn.co
ib.adnxs.com
image2.pubmatic.com
image4.pubmatic.com
image8.pubmatic.com
images.outbrainimg.com
imasdk.googleapis.com
img.youtube.com
is5-ssl.mzstatic.com
js-agent.newrelic.com
js-cdn.music.apple.com
log.outbrainimg.com
m9m6e2w5.stackpathcdn.com
match.adsrvr.org
match.bnmla.com
maxcdn.bootstrapcdn.com
mc.yandex.com
mc.yandex.ru
mcdp-nydc1.outbrain.com
media-mbst-pub-ue1.s3.amazonaws.com
o.aolcdn.com
o22381.ingest.sentry.io
odb.outbrain.com
onetag-sys.com
open.scdn.co
open.spotify.com
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
partner.shareaholic.com
passport.mobilenations.com
pdc.dmleonyc.com
pebed.dm-event.net
pixel-sync.sitescout.com
pixel.adsafeprotected.com
pixel.advertising.com
pm.w55c.net
proxy-019.dc3.dailymotion.com
pubads.g.doubleclick.net
recs.shareaholic.com
referrer.disqus.com
resources.blogblog.com
resources.infolinks.com
router.infolinks.com
rt3054.infolinks.com
s.amazon-adsystem.com
s.cpx.to
s.yimg.com
s0.2mdn.net
s1.dmcdn.net
s2.dmcdn.net
sb.scorecardresearch.com
scontent.xx.fbcdn.net
sigma2.disqus.com
snd.click
speedtest.dailymotion.com
ssc-cms.33across.com
ssl.gstatic.com
ssum-sec.casalemedia.com
static.adsafeprotected.com
static.doubleclick.net
static1.dmcdn.net
sync.1rx.io
sync.go.sonobi.com
sync.targeting.unrulymedia.com
t.co
tpc.googlesyndication.com
u.openx.net
ups.analytics.yahoo.com
use.fontawesome.com
vendorlist.dmcdn.net
videoevents.outbrain.com
vk.com
www.aiupnow.com
www.blogger.com
www.dailymotion.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.reddit.com
www.saastr.com
www.shareaholic.net
www.windowscentral.com
www.youtube.com
www.yummly.com
youtube.com
yt3.ggpht.com
googleads.g.doubleclick.net
open.spotify.com
snd.click
www.dailymotion.com
www.facebook.com
104.111.214.240
104.16.139.31
104.244.42.69
107.20.140.231
13.224.194.92
13.225.87.89
135.125.160.160
141.193.213.21
142.250.185.226
142.250.185.66
151.101.114.132
151.101.192.134
151.101.193.140
151.101.2.137
151.139.128.11
162.247.243.146
172.66.41.9
172.66.42.247
173.231.184.20
174.137.133.49
178.162.133.149
178.79.242.16
18.156.0.31
184.25.50.162
184.30.24.193
184.73.100.94
185.33.221.91
185.64.190.80
188.65.124.38
188.65.124.59
188.65.124.90
188.65.124.91
188.65.126.236
192.0.77.40
198.47.127.18
198.47.127.20
199.232.192.134
199.232.198.49
199.38.167.128
2.18.232.28
2.18.234.21
2.18.235.93
209.54.177.54
213.19.147.44
217.20.152.207
2600:1901:1:c36::
2600:9000:21f3:5000:8:48e:53c0:93a1
2600:9000:21f3:7a00:6:8656:f5c0:93a1
2606:2800:233:af6:eab:2108:1892:6d8
2606:4700:3031::ac43:d645
2606:4700:3032::ac43:a881
2606:4700::6810:125e
2606:4700::6810:a40d
2606:4700::6812:1a47
2606:4700::6812:4c34
2606:4700::6812:bc37
2606:4700::6812:bcf
2a00:1288:80:800::7001
2a00:1450:4001:803::200e
2a00:1450:4001:808::2003
2a00:1450:4001:808::2006
2a00:1450:4001:809::2003
2a00:1450:4001:80e::2003
2a00:1450:4001:80f::2004
2a00:1450:4001:810::2013
2a00:1450:4001:811::200e
2a00:1450:4001:812::2001
2a00:1450:4001:812::2008
2a00:1450:4001:812::200d
2a00:1450:4001:812::200e
2a00:1450:4001:813::200e
2a00:1450:4001:827::2001
2a00:1450:4001:827::2002
2a00:1450:4001:827::200a
2a00:1450:4001:828::2001
2a00:1450:4001:829::2009
2a00:1450:4001:829::200a
2a00:1450:4001:829::200e
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:830::200a
2a00:1450:4001:830::200e
2a00:1450:4001:831::2002
2a00:1450:4001:831::2006
2a02:26f0:6c00:285::1fcf
2a02:26f0:6c00:2a0::2a1
2a02:6b8::1:119
2a03:2880:f045:10:face:b00c:0:3
2a03:2880:f145:82:face:b00c:0:25de
2a04:4e42:62::760
3.120.29.221
3.120.35.153
34.120.195.249
34.204.113.242
34.255.13.78
34.73.247.27
35.244.159.8
38.27.122.158
51.89.9.254
52.19.63.112
52.216.101.51
52.223.40.198
54.149.196.103
54.86.62.20
66.155.71.149
67.202.105.24
67.202.105.32
70.42.32.191
70.42.32.95
72.251.249.13
87.240.190.72
99.80.67.138
00b61ddd115228a88bb2c3ce857b92524ef040ae538ac0f983e7055177def3ec
00d645dba8306a4c4566eeca187f39f06012c13ff1c5b30b9bb480131d48e491
00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8
01b1844125589a15317239014be029ba024bc0d6e059222bc99bd913a82ecb88
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
0365e3f4d308d0beec787524d9a2f686351e1011555515526ddfaf34176d0514
0376879a45be95f1d718c2a90d0b35986973e87d6f4c790b4c7046343464b72a
03828a968e79266db7600d2c5b34ebfa49a2903abefae530ab9076182bccb3f5
03de68cb1fdd007abd024234102ebef9781fbea17813281d3a5717d25870762c
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
07820f0ee3e5c253462bade268025f7712fdf14c0821fdaeb25040791fca9e4d
07b85abcf50821c01382c623662363b744092fddb135e7ab711895913c0fd70d
091bacad3593c16089f1229a4c689b75163afd36633207d31f742f62e0eb6e59
09bbd82ab85d641e57e9c9095c5ca875eb38f359ba665a23ddded106e8af04c6
09dec90213d3b1f9af1a0133e35843f22241aafe04b0d2a1983b69116abfddc1
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b
0a744f38c6ace34651866bf42eb7dd14df089cdbb70c95854e766eb9b41d2361
0b61542954b75c8dfe0893bd4a395c9f925388e0876e398c1c820dcc847943ea
0bcd5919bf34c7672ee85e44fd8c6a695a7ffbdd2126f4e54caecca5ca6996eb
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0cfd01f61f14eb6d881159ad18587bb4501c97ae7db9bbc9c5dd04a35362cb03
0e6abcda5fce77abbbe604e877b62e24e259677473dfbdab14f81795ea7cd2d9
10ae4d64b0c71483f2e7214da1da2b2f86279ad766492a028146d6e0623e230c
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1184eaa5a8479aace795d63e8a6198e87229358f756f81721a37cf7f3adae457
11b5f40f6dca560597112cf6b1fb4f2d90eb2099735263d13dd5e45767c2075e
127672d4912f86d7cbdeab0c1ccd9536aa33f335a7b1609d3a3939c1d778220e
1282ae2ba066330f7b12683db095c4ebf8ad69ab1d91517644c4a0b28571e580
1485460341dd7acce60bbff4b235101869025328e39f205fea7c0ea0f4b23ac6
15946a6204d7b3f089c55b93efb65f9d96285412722ca4e45fbcbf15098d9406
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d
17710b0cbda106bd59c9bb320d152a06bba83cfed9e8a171b4e63f48adfc0a09
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18e6acdf2482279ae2374fcd29fc56caf6e918596a0dd75890816241c652fea2
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
1b1b92a4c0234d53798901f1e3c471cd982ad4cf646b9505484d0e873c728e88
1d1fc50d5f0b1a77ffe652c36310574123f7cd3871798d5a74aac8d09c3f455d
2093eeb7c8703b51436f09e47b6c107f5dd5068fee50a9ece8dc2f757793ddeb
218558585458a13a0561c9747e86fc90db372981a72ba884d87af47e8b3ce13c
21e444926ee2b1297a9888fe081f196a640763626243aa07b80ff171049e7a8c
22a6b5ca081c7e993a6de605757cb5da85573221300021627663e89fb6950b18
22ccbc7b42712ef18a6781ae1ecfff95cb5babe6af255a6aadc97b313eda1d19
232334d177f358c07f8271994e6fc0c018abfce7c8910deb604de1440d741c45
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
24409834e3b397f73fbffcaa4e4ceabb548d1cac124bb1489f0f0354c2932798
25fcfee1ad623c5654d6a20d5936f56999688ce944da13f9ea606cf4b9fc18d5
27746de35ee5f13bf40b6ba062482d955c8af62190c303cbd148c5338e91082b
288c0d40a12bfad5e6aab2e4ceb50fa14b4f8e47efc1ed8cb6f91d6409df1d12
28e0f646cf40ba29cafa539888e13491cb4c5412b1580c3f1f2b388ae24175c4
299ad209dd3973b3ef12896bbed9eeb597f8c4a703625eb2c9eed5c7f78b571c
29fe732a3a3512aedec5358e02eee2156a1b783cbc27ac7ed3a023c0b8cf507f
2a5aa8749b707f73090c7fc4938f6452803ccfe09c30ff8ff5adbd6735b799e6
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2b0b6e35e73c54eb20f0b7cb282a8c0160daca9b1f829452880bda68d691937d
2b552a60a4c2926eaf43123facd9c9fbe2454498a96c952113b2a484b4f1dbb9
2baf0db4101196df611d843d4741b65c2ebde9d4d458196ab9fb71039d8ccec7
2c6b79d89717789efa98627852ecedcd6d1243e461e716ff5ee69f2bf31e48aa
2cc36b7e19b912c6d09739d2c3edbbb05a272be96736ae9fb0b0a70c2a331d48
2d387f8955e673b6b83572bdd758e2b0be9da640de3fc2d83c2cb96dbf4c4037
2d5cf55fc7fb9816c5b7543e469706d77fdfa681df626c471e44b08fbf0cb9fb
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc
3077cb5e37d8dc041b829c7f823616f6433006e6cc7aa94e2e44692b20c2c720
316cff920acbd735efbd245094b3472c994affc566c3437ea8eb20c57a4a9e5a
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
32c8ec967ccde3b64e5317b356d5ca6ac6a0b39ba32f6de2f8c3b1a4e38c2574
32f920ad9b6cb2b6ac130c2df124283e0f6fda7753ec304ce622126595497dc2
33fb4f945a35b6ccaf4d19c0e6d1d8ad39736c430884b7090fc0f965d3f748ad
34fa06f4b9082afd593822ef7a15e41e2df8c335d9e696ec864c061cdabe483b
35196923692f06f97491caf22422cce4b612d5ef07c51842ca94a088b15456e2
352248c620cdf3a80741dab4632584909e0aeb9d176c13b49a0b741694e33f9c
36a79135803869f257cae495ca43ee3d321aaaa2ea929856859444522d64cca8
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
39ffb5a9e67544a56b3ec4b1b8060a8c9a7cd29b750e624394a37f414cdf630b
3a5a376ad9d79b81a594792447a2e228ee3610350d89960c7d7606669c594fd2
3bbd1c0c28ea0f2af4254c62d76b86321cecfd45a3cea933d29b37fb53ba6e28
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3eee15d11eb29b6f2258cabfeeca39b3b900a7cae96fc7919b27789f3470b9f9
3f95544529bf5a220675a5144deef8a36863d63b94d13b5408341bbd3229691f
3fb03c5889929639808be7ec57fdcac0a13e2bc5de31ac48723aeca4c2ff246e
41dc62838893d877af036548c8dae4693825d6decf866a1aade64d8d942afca7
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
422322a5b664a67b41d5548903029f24d41665edf71afa39bc31dc5b03c668c1
4299f2aaa46eea61cff7da0f945e26cf0ace8a35ea912182e7df2a9958db8e10
436c498b9189885ad7a202470b3901203a6cf09e0f4ab2c80c81418d3489b750
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4476c31489084f057d971484ea8337d294bdce33db840a204e800da4e37ebe1d
4512240dca2a59d6f18502229269f36846e194a33015ca8ca1a93a3535fb333b
46c1bedebd89ea719e5ffe1c9c2075e2f2be84ef1ab1b7fc16e9464eeedeacfe
4a54de99803e6b96ff9ffb718132f86d01dacf33d740640bc31a5714e372181b
4a7577bcebc8c53f84719aaea16c5a3d51aefba1680376c1a90c2ca217acd34c
4a9cf9fe55d2740f89e2bbbd96b47d2793948cb9480aae05f7db428b41e9d8dd
4abb23884b99c6c53b604e219691758287c52cf81e28b0e90b665fd1b215a5b3
4bd97569f19339108d50e204a239bf8a3659823bc4a4c6011cc6a686ad5e4922
4c0f1cce1d9f37c25fa9ee1e57c0f4308de2835d5083048c959b13b2cde60ef9
4c58ea67ac5e2c7b16dedb37ca5e494406cc0ff89130b6566db266b86aed81c3
4c6102f48f608e9a58d93796fe7b0f93282f8865ce662bf38e5072edb7dd692d
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4d958aa0fe56b2c9ef407522721c72a3f0ac4f0ae063a2e2d05c134b7a79fa85
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e6f87e479fe96a05167143baf8284070e8e25446568442ef85133ec97ac7cf7
4e7a4de80dbec3e143eea735672c7a5aff8303e551c431f479f7e9f8b6c20b78
4e9c61cb3ab5d2bcfbf8ebddad7f6c531ea3621fc5ab2adfe61a51f479fc3b69
4f4524f7e1a87079bc50a64681f880ccf3e6f5db1ec5fc27949377532a3881da
50f875818c12b4bac50d2ac2bb80e0edab07d6172d77641c305daf077f2c34ad
5257f6397ef05fa34f2658be967345dac7937800cdf382bd8635e31384296191
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
550c9da427a76b05374a263e56f08ea0db57d7fd44f33abea68182afe165233f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5858f70f9aa16869be79deb4ca3b7b2aeae629c4a039c134edf88c12f6ae346e
596b44a74d7c44b589774c92d52071ea9c7605fbdfe1a8564bba78df7101105c
5a8e6c087e1dafd504a981dd54bc59a16a5ee9fa0ab31c97121d63ee0b2bf35b
5bf22243f9bc0b6da9f4f0ac925015270de2a047a12b1a267d9a55a0730e76b1
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c92084dec60847faa5d1719a8b8c238bf82f3f1ca97a8474acd3c67e3aed419
5cf34d605f353037a0ab53e0d1abfe48d1c54263e5e763c23366e77d45960bfa
5fae79754e7af92e6afadc3060797e3d35188221e60d63d0625f66cf921e7ebb
5fdd431164083bc93ddc3a108b2cf12e939dbd75018410f851da642d410f895c
5fee9bee5192b952739299570f6f1d5880895edb6e518c14850651083c242fef
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
60f2fd5d630ad85fde9f4faf9714bdf5dfe10ec76ae260427913ad24e7cb8206
618de7d9f46f3f697d827a1b6d84974760d5deda62e4e592adaa3c646602a94c
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62f2557cbb5c12ab6f5974e6688375f8153f2cf3da0aad2624d327de6a547816
638b07dda0f438a7f4c609bd114bedcc9c15b100133b8b8ebffc7fb85197bcb3
63cb35133865eac473826f95c6a9d64ff1fa3da71403ea4f1981e5de9bcd69bd
63db24da1093f96d6032cb6b40f317f3e395b0e812714adf2e0a3838c8252638
64c66ff5f2a8ca13445bc35e1963ce0c25a355ed2c9c4df646b37f2602d68efc
654fbcbda47c2aa67f212492935f5f7ac35cb0a0ce269ac8ba0ee283c4afb691
667d0547d8f8567828193f76f5fbd55bbb4244351313a8a8f3d85d171d1af49f
67042b35a4c83e7d770bc7273e2a1d4f867911f1571807e65c5a2f94e3773f9e
6742fba4fb448488e05ec1443e5bd0ba27e9d9e58295c7e2871dc48f3caedd81
67d410b3debb14b15512f904dc7d23856ae6389cdacffa8e8339027088719500
68a31c7d9e97e5298c6ca63efceeb82934c56959710f8381086968ce97ef096b
6991b0dfb02f46e2bb00808bd3eaaf97cfb4caa209a24ceb5a5c3482b091d6ff
6a484ab3ab55740d1b51dab8f319f0778053dc10f6cff128f5f76e76625cc5e5
6c7884164b248cb8d87de9edf64dc810e5753bb8ec0cd015800d7f39e08371c1
6ca0ba132e317aa25845976719aecc3fbc11dfbe15c1ca37809b1d0d39bcf8c0
6e6221f8603843e33aea69f1eff610fc753d5689ce75d5324f27144a10cb475f
6fcd9dea2794290acd1f2e793fcfef9232545fff93270744e79e30d9de0e0e61
6fe452f57f319d6891a1e4119aa5c860fd59dc23f280351bd805a731ae835d55
7029f15b559e64254cbd7fecc09dbb128c9c54511d016ad8f05d7d71424ee1e2
70d75a0c59e0e1d2bc3a34351eff20d5826e419847a0c1f9312bfc09a02e9a1d
7287ce2ca39d008d5cd0aa339903ab9d578171606da1b04ad60956d769176de1
72a24849a385cc8c2e75bcd6a6cd2530d7d867ee28ae27aa89cd5b48f7403e8f
72b2181e58d5c45800d66d36702794ca5ae5bf1fbc20f106442b7eac3191a623
73073ed7160406dcfbe826dcabd7ec807cf2aa72afe0303424f518767120cf2e
75fd3ba85edd220c4367b125ef16b97f98d35105ab3142e08dc4ebf05274081d
760a701e314fcc16740c761819e8fd6cb4186c68378da8d3271df6a601f2c090
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7b453f1fdc46e7e8f7716c152f833ed3b87b4980a80070ae41b033ad31a7b4c1
7d4767763ce995c13decef23ba129277c5a6e2682ecb104c8e06d2ca0af00137
7ec24c6f5f2515f0751a151338a93c4f2fdc6994d08d95cd02e82d9000e341c8
7ec2fc40578b5d3c7c8ac12187d460fbde0d2775e48091c1363e4fac43f99a0b
7f511fec0d53c96ab3419058c849e13ee46f1be67c754be58f6af6c027b5a673
80c716ea4311331aecad9182f2e6078623900ef2e3c4fddb9d42e243746beadb
8306b110649100e1a82a22573136f9208f5ceb738bb508a7d2fbad3b66bed7aa
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
84077212eff3a118119952d95dfdd412f3a97e1c779d3881ce6c3402fbfc96b8
8559b7e5e86976ac2b43d84dca46f5710852e2e1c50d5fdce5fd532efcb2154e
86fe6ac66622cc492d3ca23080947404bdab03fdbf1eeae1f89eb2101fe87a3c
871f64d89795838c773a27fb668e45b3e494fb3c24758cfcca6934f305f0db72
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
884bab512acc3235af224271f85a9030fd7461211c697519808bcb7702c1a091
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
88a9ae6f4226f2a69171713a1a08bf670297ae4b2517d8df0d707a206b0bb5b2
8903986c927e122375ba7e0e972f366ae8c7104bf6f9fd4bccac2ada20949158
8b82f883c1cd11ad9b0f4cd6cea48c70c84a84f41c57ee6e637417ef78182f50
8ca0c44926e7904b379b0abae96e5def8ad7c140d7c68d0ede2f2148e1ad5745
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
8ce727a9c2fad1b696c6bcff68d09df08016d7a516b270dfe1198b67867b5bc8
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8dcb8e128bd3aa982b2fe3a53685a5a6fe9ad4f6ec590611052b74813631e5f4
8e19ca409ec003a31ada59e7dfd29dcef025cafe3ed8465defdcca836a78bcf2
90fadc153cb3202eb4e63fa7f561f19d28ba6b66e1a91a57813c66c3032d54d9
9222037993e442ba70d3b56378f359c8c37b8e2cadfb301735de27bd0ea24635
92a52c85d6e732cc7b34a65f9317ef052b15c2f2b58c9fc7f0ef939c7e3ba248
9325cb86c14e757a3266ab710efa8294b3cd00403310dfe09e6f561f7c94b438
9379a60c9161c83f5075dec933369e78b3be0d8c3b7827ceda7d7a038ee62ce9
93901df4e7c94322ced053d9c8c9dfe1f656e98a3d7f010b53f3db76b8e6069e
939a20090f5d34d32c51d8128bc3a0dcb9adbef28cbbd7d3d732f333898dd044
94d2985bfe7d4e2dc46a076e64341f5862ad21e673ab5cac0b5addbd124676a3
956c937c18e92293c7ef920d33914118c5c3b5930f608c9f59b76367d9c409d9
95b41ba92728e08797cd85b6f9683afbe13d450d1b3213358c48ac18d242846a
95e0c2b464ed5653c96fce9be303c13f94bac838f62ba905cfbe1963e8a8fa35
96a96229c6397e7b5b44811bee268f7f6dfcfdd2703efdba8e348f311d0fa6db
9707403b8102fda62ea0dcf171404b08c461abb8bcf8c388c0408dd5464214bd
984601230d8cbfe18370425e8e897037cc1a7adf831a691a9ede573cf44479d4
9904ccc112b0cbf11bac902cb4c91ce4af8398396917bc1d3d8dd5d355ace176
99e1761c92764dcaeec33df3e1773160344cc4aa6b8ddaee0477372279a2c424
9bd3fd8eacf952bb385c082951129874ee16563fc03ec6d3de690331f0374492
9cc42edd3434423ba5ed7bab4141062c32ca45432ee495b4db48399fcf625a56
9cff0359137fc419fd2612e9e813c2f61cc9dd1b915d0c7bb650e8f0ff9e5710
9dc79e8f732d935fa82be7d9cfe21ff9dbf9d7251d077155cc6c401647528d30
9f0384a2c4cddef7a95fce9cc026e0901482723d031610c2dc33f23864e8d5c3
9f05592df6a80686d7216adbbc60dd18c978741182ed9e09a863de7374931f0e
9fe12a050717d2f8f1ca073b95098e0bf3d86a44ebfc0ea2496c7a7b0dce6b1f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a29d510cc6827794383ee2d8aaa0ff664aec760c9bfb99bf5c179c41c97aac48
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288
a2b9c28205959e1323e482a8ebab65490ba2200da1665b75004947fbc4e18672
a2c0acdd5bc625dde811cbe3d364688921eef737a6663a070cef6995a4fdb84b
a33a18d3ade364ae94fdc88f786c869ff8b45cae9bf98f2e2a16dd1459d98cdc
a43b5bfc058d5b10e20d84c9dc83bd1d825fc472b165f0a837fdb02d7ca6c37a
a44fcdf2a2b8b40527c7d52acd853b355152737e0a453026205c90b404206ac6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
a538cf51f63c0d439f2e1a0920a0b33b9da788d56ab2b30a13713f4f7d3e9469
a5ea452e977280c259515115b1f3e03bf152e5b4c79b3e785cb8eeac26c327c9
a7fc9e14f36c6590ef42bc2eec54e925cf573a2656de164817ba40c67bc71a5e
a97e731cbb8c8f2fd76edc5ff46950f4548da821813db1770d62cbd710cd168a
a9ea70e468a1ea49c3e1fe1d7181aeeb1f66d6d9af315a8fb19525e1a989b2fb
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ac45e4c266a4fb5e7d49b00f4b3b9c53b70ccb5754d3a6d5cfc338ca3b98bd84
ac58756be8a08b00efa89ae967645beadb91d7a724c5217e4c847be2f06d4034
ad671f60b455b1a6641cd531081ae4708cdfbde540efc21fd251deb617c40cd2
af6b050b64140f077b155b484ca85175a9e6627d81d11d7b5aeb9c998e6ada68
b03c5ad67ed44a6bfb629dc721a66b6a9a05516ec54f2b44aec251bdd3016974
b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b16ee208e163e440832f7c31333c523ec8d0635bb1b2d332d733c1feb73dbf97
b17de2bb097917f12756ebb689a9cdcdf47a46ca5df26ea2b27b6620452ea6a7
b1d864116e0b3550c089260b388b01a6cb3bad6e7d3e04237269d35821b13962
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
b3d9e60436d10a54b04fa0bede523a36ffc72dacbe2db27148aa08d9e55eec45
b4700758182849390e83510cfa4d6ac01e49183ad810851b099d55fb0b93eec1
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
b71079af3ec36279d0386b3b1498fa09d315d859221fa026027c4175ca3c7f0f
ba5de2dd01708185a0cf0204bee10541293279f7ed8589422e930caab1c18d5d
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bc7731959f24eb86dc0127adfa88c91e71d68b5a0c958dae09aab1b34438256c
bd1d46e090dd11a9123e403410ad1b3354ed4c0906c92a13ae0a0daf85a91421
bdb3f79992994955bff565f267625856ec3e1233655b4dbbe541d5388e23ff14
be43a684a99f6071923acef248515dadee8bf4db7cc059aed54dda51b6d3dd44
bef5318f625cf3dad8e4db35a1eb5a8548dae2317569c5aa4647e8a198cdd60a
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
bf2b259176d1712ca42f68767b3dc61a2a2385fbb48ba3a7e5b587910e50d642
bf459edbca835630ab04fe10ab0ea320af9c2a02a28354fac1dd2dacb5b48155
c1a75ea27451c167b4bd5b2b9ba97f4ec7d1bcb3bf5e4725e41ff35cee1b4ffe
c1dd3ae27cd0cf43059c6571c71a67429c3071d2fba84eba2d62809aa38ba3d8
c1fed6af0907b4321b97f34f4881f6ee021694567754b4ff26bfe8ff3480b451
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c24111290c8ad7c12a85ed464ef68ad03a73b6f96a605a626b511709f34a326a
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
c3f0b6818ed7aea219cc8b97ec0abb8f6e04d4f106a3cb8fb01806723469d511
c4255d741dfb97063d6dc415fb5a6b2ad26ee3a7ef759c979b258e14ecdc07f6
c4a8c639edd67d769faf82914dc8ff0a1104373b575707f5f363ba8a91f78acd
c4bac60605cc28d70120aeebfd16265f062a1192d0f51a0384ab90453818e894
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
c7fc79ad0d9fd7c1b846e2d87aac2c09c80515296b8bd03989251c4e0eb5d4a7
c811b52b159c35e96af4b1f0b999753162f21933e5e520e288de72dbd5a2018a
c8520c4df0969be1603059e7639e03decb805f23feb63736ba40f00365156caa
c8de81a1acb5f3788959ecc04eaa6526d5bdb29991157cecbef71042268c0374
c90b7e832a212a6390a5ec8c2c1161bda9375fb414ad87bfea2e282d2284be79
c9a70686ad065d96298301b1fe7daf4199a4e72348dd638330390f7763ae226b
c9dbf391eb49cc7fb60b02931b2d3595eaf3c065b716778f0be58306dd7cbde1
ca356d69f023a86170e7197b26266cc9f913b54fc90e96a760cec4152b7848b1
ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
cb060519450cc4982f29f8a767e47c4440e26614975f99ecbf3cec04e0cf9cef
cb3caf5190433596a2a4b1169a14291ea060d65f0c92f729c1943db1465b052a
cbf52478eea923d6c8559defe2bd5ce6f23107952a3ab8056d0d2d97df20a79e
cc0e86fa9839984b0d1c815a1008ba178b8e3b50f347ee2446d967e6fea8d09b
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cd2002cdf21b9a1c068b3b6f24ece6d21d00ecdf3b14de9b37372425e8045e90
cdb5ca36664e6906c51c4336873d7b45f29cb48c3b3188c853980813da650712
ce600c2ffaa71b56c40c362b1a92f6635466796d74560e88ea910a248b5985ad
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf982d883df5960372888dea0fad2d161a0b97e1ad17342fb9edf73efdd2db21
d008862ac51c4c57d4e2351821f587b691b9674ba43ed97a26b92d700d95a389
d014f18e097b4117042cecac8529f792c4781b9a7c8e3c0be4b51cccadd83cb3
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d0d730ac7b9fa74a2c09a58125fdfd317b367486c40ea60e424f959bff191274
d2fec0e2942f49dd3cad4650431d550d761f11dded17834d4835768c2ca730c0
d323274e6db33f6fab0044c4edeb9bfe1d384ed53ed7a46de196b631dc4dbb15
d44b6e4f9164860ac419ab1e15cdd2aa55d8117b8fdee7b2545d1b4fe0704c55
d44ceec8bba88323fa0fdc3d0a6793b6f1e0c31d465be241d2142abd9ae36e50
d50b115ed15f11d96d3ab369d091db9bf261ff6a41ee29ef08599464913bb0d9
d537bdcf41cf1b6e7765cb13e5d909273b9b374318e40aa927db2c5346e3cf81
d53fc34a8a2122326a547282899df3aa84a3def278217628e218ba771c4305cb
d5adf666701b746821cc08cfa7064589419b3e1aa81e6324ddd6843e5bebf082
d71d986a726a9a3b37c6a5e049fee9692442911b24fcbc115a55608634a3ebf9
d76f32f8bd2f4896065ce24a53a651b8b31f8518eeffef24d8ff3b7942a2437b
d777536c363f541d3a0a29627c1294ed6c6c0889011ea21d8d4eb859c9aef31b
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
d8a6f2a85533d8b0a3572be5fa46cb09629d8f54f28bf40c52e0878d68caa046
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
db01487388f15a4c0cb6c6e28ca365fc9a9e0855a90894665baa6f582c9e50b6
db074a7d6723d58832bd2e692332131fead854ef3adf44c2ccf2cc657010c629
dbffe4825c6ba1f19ff48607381ad4384b0609b64998830502c130f00abe887d
dc10eb4c3193b2a9e85d3e011075c703c98d79e86dee2c8647311db2f1dfeb4b
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
debb229daffbe34e17c32f8d56a72dfa9ba4debfcfcb330e733bf56d88da117c
ded935a660b5a53e7d86872f98e633f254e83acd157e7cb86eb2eb7bb6b49a45
e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442
e18d92df9fc040d6254b7adc505887e40ef5960ffb39ac32cf57ca47bff59604
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e304631621145d56c08c2de36d8486df1f727334c806565feff694fd19698bb9
e33de29236bd945ad5963c32fd373b982e0970b3a1f784b8e7ae07d7be8c254d
e3a16bbf4914a49b1afe816e119c7da2d731dead9167c01d07984ef323e26bfa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4617a5b39cda8cd99c5725cd79a12bf58f402b90f76c364ec7de7852ec15050
e5166358a3dbbbf16f4d4cf8dceef295330e6b575ea9cd289fda59bd4b39ab7b
e578fda3845b781d5c0045ae9c5dc94257e613d1c93d5155720c10453e44e91a
e78e46931859effb952e79bee79ca485c6d0081f6be2531dfba0ce6c21a08c14
e89c1da385be36ce801884d3609d7339ed0a608898520cc43a31334a8ab5535d
e8fd6832e13fca9622a46af5fddb394c358ef083d84002896aca34613d77780e
ebd3ca7daddf816dd78d248e357299627b6270d31ab83659be8ab344e2c11097
ebd9786b02160e2eebfbfb0820e4f91bffa8a67ec75a06007186bd272955a55d
ec5bd2dda6ef160c59fb45abdf3fb9b7352e73bba600f27bb7555f1ad702f873
ec5c6adbb37db7364cc2a0f8465175d7d8b5af2f8bea562181644e13508122f1
ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b
edd44cad5cd50082407878419dee3031955cfb380d85653ce1100cea73bf9eef
edddcb46193aacdf88726f8250fd0248b2dd411d392b3288ea04ab9e9e6bd526
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
ee5ee5e3221ae427136db90bdd8f04cc152d687a9de9e69797f4a87a0d685f6c
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efed9c0be7c7adf375be6a20b399eeb790011c96ec3c3921fa91cc3d0fb7e095
f1a32bc2f145aea8c098f09896ed081513a6f6fcb8adc1aecfdc2b43618393a7
f27408b033a0195d0f29b0ecbc143f470c4fbb0807472a688b2f9e66403651e0
f2bfdbf7d2df8d37016a17d53674d2799bb77996a763bf2bee8b1f604dd31a9f
f4b70c4cd11d64db7c587fa68ed12651b684fe2e78a9a9d46812f89beb496acb
f5fb80c6ab695aec793967d59c135b29618aad2f987174711a218fc44da08d77
f615e7ba92273145a27dfc0773e0a936233f96a40cee0eb90cedf8cdcf2e6e0a
f725f6888d32252c9f3dc55750d168b0f4f00e0ea1f2e877ff46595662a56110
f9f21406615f1546dd9ced7d75db04dffb75609a92a35f835405784c78119447
fa0d1383cd6184c9654b458ceb23a3ad8c700d98cab32478b805e385efd97af0
fc397a38480b8b76d1e301b62e22c88d11d23b495ab0100f3684fa12a65afb52
ff8dcc686a05a7786142167eba62158d2ad9d25d404d95324dec39cc5fa0303e
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914
fff7b5b76321e4080e4cf8a5b312d74a943b7ebc2aec9081ac7e17458123fcb2