www.onlinethreatalerts.com Open in urlscan Pro
2606:4700:20::ac43:4561 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
Submission: On June 07 via manual (June 7th 2022, 8:28:49 pm UTC) from CA — Scanned from CA

Summary HTTP 150 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 17 IPs in 1 countries across 19 domains to perform 150 HTTP transactions. The main IP is 2606:4700:20::ac43:4561, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.onlinethreatalerts.com. The Cisco Umbrella rank of the primary domain is 885198.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 16th 2022. Valid for: a year.

This is the only time www.onlinethreatalerts.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
40	2606:4700:20:... 2606:4700:20::ac43:4561	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:823::200a	15169 (GOOGLE) (GOOGLE)
20	2607:f8b0:400... 2607:f8b0:4006:80d::2002	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:823::200e	15169 (GOOGLE) (GOOGLE)
17	2607:f8b0:400... 2607:f8b0:4006:807::2002	15169 (GOOGLE) (GOOGLE)
1	142.251.40.98 142.251.40.98	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80c::2002	15169 (GOOGLE) (GOOGLE)
28	2607:f8b0:400... 2607:f8b0:4006:807::2001	15169 (GOOGLE) (GOOGLE)
3 8	2607:f8b0:400... 2607:f8b0:4006:807::2004	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:807::200a	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:822::2003	15169 (GOOGLE) (GOOGLE)
1 2	142.251.40.134 142.251.40.134	15169 (GOOGLE) (GOOGLE)
2 3	2620:116:800b... 2620:116:800b:21:f059:4f7e:28a9:1588	14618 (AMAZON-AES) (AMAZON-AES)
2 2	13.88.42.153 13.88.42.153	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
21	142.251.40.162 142.251.40.162	15169 (GOOGLE) (GOOGLE)
3 3	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
3 3	8.28.7.81 8.28.7.81	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 3	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
4 4	23.52.162.21 23.52.162.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1 3	2600:1f16:b8a... 2600:1f16:b8a:8e02:82e6:f9c9:6ed6:87f4	16509 (AMAZON-02) (AMAZON-02)
4	2607:f8b0:400... 2607:f8b0:4006:80c::2003	15169 (GOOGLE) (GOOGLE)
2 2	3.219.79.180 3.219.79.180	14618 (AMAZON-AES) (AMAZON-AES)
1 1	35.190.90.30 35.190.90.30	15169 (GOOGLE) (GOOGLE)
150	17

40 2606:4700:20::ac43:4561 (United States)

ASN13335 (CLOUDFLARENET, US)

www.onlinethreatalerts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:823::200a (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2607:f8b0:4006:80d::2002 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:823::200e (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2607:f8b0:4006:807::2002 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.40.98 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80c::2002 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

adservice.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 2607:f8b0:4006:807::2001 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2607:f8b0:4006:807::2004 (Mullica Hill, United States) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:807::200a (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:822::2003 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.40.134 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800b:21:f059:4f7e:28a9:1588 (United States) 2 redirects

ASN14618 (AMAZON-AES, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.88.42.153 (San Jose, United States) 2 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

beacon.walmart.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 142.251.40.162 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s81-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.252.103 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 8.28.7.81 (United States) 3 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.151.100 (United States) 3 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.52.162.21 (New York, United States) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-162-21.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1f16:b8a:8e02:82e6:f9c9:6ed6:87f4 (Columbus, United States) 1 redirects

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:80c::2003 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.219.79.180 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-219-79-180.compute-1.amazonaws.com

cc.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.90.30 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 30.90.190.35.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 90 tpc.googlesyndication.com — Cisco Umbrella Rank: 136	536 KB
40	onlinethreatalerts.com www.onlinethreatalerts.com — Cisco Umbrella Rank: 885198	287 KB
39	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 40 ad.doubleclick.net — Cisco Umbrella Rank: 179 cm.g.doubleclick.net — Cisco Umbrella Rank: 191	144 KB
9	google.com 3 redirects adservice.google.com — Cisco Umbrella Rank: 70 www.google.com — Cisco Umbrella Rank: 2	1 KB
6	gstatic.com www.gstatic.com fonts.gstatic.com	129 KB
4	casalemedia.com 4 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 494	4 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 163	170 KB
4	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 277 fonts.googleapis.com — Cisco Umbrella Rank: 42	34 KB
3	innovid.com 1 redirects ag.innovid.com — Cisco Umbrella Rank: 1375	1015 B
3	rubiconproject.com 3 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 306	1 KB
3	pubmatic.com 3 redirects image6.pubmatic.com — Cisco Umbrella Rank: 564	1 KB
3	openx.net 3 redirects rtb.openx.net — Cisco Umbrella Rank: 1376	603 B
3	quantserve.com 2 redirects cms.quantserve.com — Cisco Umbrella Rank: 936	1 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35	58 KB
2	adingo.jp 2 redirects cc.adingo.jp — Cisco Umbrella Rank: 2937	754 B
2	walmart.com 2 redirects beacon.walmart.com — Cisco Umbrella Rank: 2189	969 B
1	mookie1.com 1 redirects odr.mookie1.com — Cisco Umbrella Rank: 840	764 B
1	google.ca adservice.google.ca — Cisco Umbrella Rank: 14230	792 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 768	706 B
150	19

	Domain	Requested by
40	www.onlinethreatalerts.com	www.onlinethreatalerts.com
28	tpc.googlesyndication.com	www.onlinethreatalerts.com googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
21	cm.g.doubleclick.net	www.onlinethreatalerts.com googleads.g.doubleclick.net
16	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.onlinethreatalerts.com googleads.g.doubleclick.net
16	pagead2.googlesyndication.com	www.onlinethreatalerts.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
8	www.google.com	3 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
4	fonts.gstatic.com	fonts.googleapis.com
4	ssum-sec.casalemedia.com	4 redirects
4	www.googletagservices.com	googleads.g.doubleclick.net
3	ag.innovid.com	1 redirects googleads.g.doubleclick.net
3	pixel.rubiconproject.com	3 redirects
3	image6.pubmatic.com	3 redirects
3	rtb.openx.net	3 redirects
3	cms.quantserve.com	2 redirects googleads.g.doubleclick.net
3	fonts.googleapis.com	googleads.g.doubleclick.net tpc.googlesyndication.com
3	www.google-analytics.com	www.onlinethreatalerts.com www.google-analytics.com
2	cc.adingo.jp	2 redirects
2	beacon.walmart.com	2 redirects
2	ad.doubleclick.net	1 redirects googleads.g.doubleclick.net
2	www.gstatic.com	googleads.g.doubleclick.net
1	odr.mookie1.com	1 redirects
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.ca	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	ajax.googleapis.com	www.onlinethreatalerts.com
150	25

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.reddit.com
pinterest.com
social-plugins.line.me

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-16` - `2023-05-16`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.innovid.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-15` - `2023-04-15`	a year	crt.sh

This page contains 19 frames:

Primary Page: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
Frame ID: 9AA0D67B6B6EB6B930EC3E08749CEE40
Requests: 54 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220602/r20190131/zrt_lookup.html
Frame ID: E2130DF9F835B81DFA1B361529740E16
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&adk=1812271804&adf=3025194257&lmt=1654633646&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724014&bpp=4&bdt=274&idt=184&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5537290061779&frm=20&pv=2&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=216
Frame ID: F505A627998A1D23A596BC31063818B3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=3175270842&adk=1981524452&adf=3304449892&pi=t.ma~as.3175270842&w=728&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724018&bpp=4&bdt=278&idt=520&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=355&ady=261&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=pcxmjEtr6k&p=https%3A//www.onlinethreatalerts.com&dtd=537
Frame ID: 9716C737C6BE513E1EEC714C3872D8E4
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=9911826040&adk=3707071954&adf=665877015&pi=t.ma~as.9911826040&w=728&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724022&bpp=1&bdt=282&idt=560&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=355&ady=1194&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=2UDcjDArcI&p=https%3A//www.onlinethreatalerts.com&dtd=566
Frame ID: 4BA7452363EA4882ACC6FDC04406ACBF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=6277945241&adk=1090081780&adf=2106144157&pi=t.ma~as.6277945241&w=699&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=699x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724023&bpp=1&bdt=283&idt=582&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280%2C728x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=370&ady=2202&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=BZO7ygZ9L9&p=https%3A//www.onlinethreatalerts.com&dtd=592
Frame ID: CA325A4FBB57C57A434CDD0B605220D0
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=7085129746&adk=3384180819&adf=2422321695&pi=t.ma~as.7085129746&w=699&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=699x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724024&bpp=1&bdt=284&idt=606&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dfd66a6d275f1ed08-2279f4cfd2d20047%3AT%3D1654633724%3ART%3D1654633724%3AS%3DALNI_MYSQHmxBeBea7UsDSP5aXIwJHfJKA&gpic=UID%3D000005f6e218a414%3AT%3D1654633724%3ART%3D1654633724%3AS%3DALNI_MbXajxRJN6TsqA9wNfkNMJGXy58Ew&prev_fmts=0x0%2C728x280%2C728x280%2C699x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=370&ady=2884&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=fEO0zEAAC8&p=https%3A//www.onlinethreatalerts.com&dtd=613
Frame ID: 6CC7DB0C45831B16A0BDB438660487EB
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/index.html
Frame ID: 9860C1B99A65F5094588FD013EAD263A
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CjjcA_LSfYuLrJdKexAP1mZfID_y4kLRqtvWajt8P2tkeEAEg3fWEHmD96KKB8AOgAbzTkLooyAEJqQLeIve7ZMOqPqgDAcgDSKoEsAJP0IO5x-mqEVPoMi_hdvRD0Fy0fGjvZEbP_nhvtgssU06NHpDnQPW9H9VSbN0fVID-xQJ5z-GiifRM6JFviOv1T06M6pez9DYBUKWjcvY2xySQ3FCR_YCCRcfaxWwKG9DsXQpXVcINtVC9RX8fN4Y1glZYpN8Lkp7IDTZixaxPg1icsV94U_96w3VhJd9GzXD-jf_wcfl8iBEWz16kE52fU3MbLqsc5bH5dX6Apg7rohzdDYRtXHqDAGCAFHB3h7c9dG2aVOMoq0fe7LAVDLE5SJc6WER4oADj1XSKlvj-PXDlR5LHHNCtx5dNEmMlKH4B-rdCvqIx9KcI5l-gU2oZLWYA8TaANerc0vciMVxhaOqGQPhHofE9XuWevIe-DvJwYToDMrF--HHtQjvFhxV2wATo5o-WjASSBQQIBBgBkgUECAUYBKAGLoAHvIvhmQOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBDPnCTSCAcIgGEQARgfgAoByAsB2BMN0BUBgBcBshccChoIABIUcHViLTg3NDY5MTAxODY1MjI2MjUYAA&sigh=EC3VBtDavBw&uach_m=[UACH]&template_id=419
Frame ID: F2F3FDDCD6C4A3D86E759FB21A757E4A
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: C4273A5D72E46AC849CC1AAADF5FEE00
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: CCAFE3E108AB85EEE6930809131D4A20
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: A4920F8299E390DEBD189206D28676F2
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E0B6FC82908757FD148D5307AF56F787
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/fitY9DN5Eb8XnEderF92e3R8KkCh_qe_gU10Y1cTXMc.js
Frame ID: 1F5B0F24297DA977E98E26AB86668996
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 760328FEC660C64C01418253CAB941BA
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 37199B16E139CB79601F4C71050DE93E
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/fitY9DN5Eb8XnEderF92e3R8KkCh_qe_gU10Y1cTXMc.js
Frame ID: 120C5A2943F933F12ECE51F98F342F20
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A00EE623E2CD1397EB307F27C8617DFA
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BCC08458D82CB265833CA3931EE7D44B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

wp20 ru Scam and Web Browser Hijacker

Detected technologies

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<input[^>]+name="__VIEWSTATE

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

150
Requests

87 %
HTTPS

57 %
IPv6

19
Domains

25
Subdomains

17
IPs

1
Countries

1361 kB
Transfer

3038 kB
Size

24
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/sharer.php?u=https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?&url=https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/&text=wp20+ru+Scam+and+Web+Browser+Hijacker...

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?&url=https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/&title=wp20+ru+Scam+and+Web+Browser+Hijacker...

Search URL Search Domain Scan URL

URL: https://pinterest.com/pin/create/button/?url=https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/&media=https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/0.jpg&description=wp20+ru+Scam+and+Web+Browser+Hijacker%3a+The+website%2c+Wp20.ru%2c+is+a+web+browser+hijacker+that+displays+unwanted+and+malicious+advertisements.+Potential+victims+may+receive...

Search URL Search Domain Scan URL

URL: https://social-plugins.line.me/lineit/share?&url=https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/&text=wp20+ru+Scam+and+Web+Browser+Hijacker%20-%20https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 71

https://ad.doubleclick.net/ddm/trackimp/N5409.274533.ADMOBGOOGLEINC/B26984702.324093669;dc_trk_aid=527335584;dc_trk_cid=163869937;ord=1490919493;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N5409.274533.ADMOBGOOGLEINC/B26984702.324093669;dc_pre=CLStx_uWnPgCFYWmnwodGE4G3A;dc_trk_aid=527335584;dc_trk_cid=163869937;ord=1490919493;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=

Request Chain 94

https://beacon.walmart.com/etap.gif?tap=gAds&google_gid=CAESEBQpvG3zcRGTGJ-n5-JRbVc&google_cver=1&google_push=AYg5qPIaTTJ5tvHeWvNJa2GT6g0bcJdDaLOVUvSIQ1YEaRbB6sMAYl0-JAmRB5evB2gqsyAzS_-MVG1q0cXrRoR-pcRopadrjCpT HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=walmart&google_hm=csG5L41XfgU1WhvDR6osNw&tap=gAds&google_gid=CAESEBQpvG3zcRGTGJ-n5-JRbVc&google_cver=1&google_push=AYg5qPIaTTJ5tvHeWvNJa2GT6g0bcJdDaLOVUvSIQ1YEaRbB6sMAYl0-JAmRB5evB2gqsyAzS_-MVG1q0cXrRoR-pcRopadrjCpT

Request Chain 95

https://rtb.openx.net/sync/dds?google_gid=CAESEJ-wdA5gJaL_NUvhzx0XX10&google_cver=1&google_push=AYg5qPKhRmFP8oElqVGDIuIPlsVYHiDMRlGROXOG-B4OdnCGi48bHWks-h9z94yVoY2XyDSBQYglyUd_BZoz7HIcPNEGRJQrQ0qN HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEJ-wdA5gJaL_NUvhzx0XX10&google_cver=1&google_push=AYg5qPKhRmFP8oElqVGDIuIPlsVYHiDMRlGROXOG-B4OdnCGi48bHWks-h9z94yVoY2XyDSBQYglyUd_BZoz7HIcPNEGRJQrQ0qN&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKhRmFP8oElqVGDIuIPlsVYHiDMRlGROXOG-B4OdnCGi48bHWks-h9z94yVoY2XyDSBQYglyUd_BZoz7HIcPNEGRJQrQ0qN&google_hm=CSGNuRuCxhUDWmO3UBm1Qg==

Request Chain 96

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKZmxnxtsrsbeWgM8kxIF-4&google_cver=1&google_push=AYg5qPLqlbifrg0OPTQaK0hWrd-hB6revdwN7Yu7Xc4NJSA1A99mjmnjWyvAzuf81ptO-KB7k1_GagaJLNzbTnEjgOJXAk0YnbU HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKZmxnxtsrsbeWgM8kxIF-4&google_cver=1&google_push=AYg5qPLqlbifrg0OPTQaK0hWrd-hB6revdwN7Yu7Xc4NJSA1A99mjmnjWyvAzuf81ptO-KB7k1_GagaJLNzbTnEjgOJXAk0YnbU&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=QfiyMth2SxekDmlJHbi-Hw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLqlbifrg0OPTQaK0hWrd-hB6revdwN7Yu7Xc4NJSA1A99mjmnjWyvAzuf81ptO-KB7k1_GagaJLNzbTnEjgOJXAk0YnbU

Request Chain 97

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEo6woao2nu8SVaT-_U4Hgg&google_cver=1&google_push=AYg5qPKixB5k3iqrgM2RK6zOpUBKHSZd1t99SQokkP2rHOFNfLMB2GtlQZgQLMlYfCXVzymoyAgIiowJtUehzlPnpJtjDagalrk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDQ0TTc1VFQtVy1DRDRC&google_push=AYg5qPKixB5k3iqrgM2RK6zOpUBKHSZd1t99SQokkP2rHOFNfLMB2GtlQZgQLMlYfCXVzymoyAgIiowJtUehzlPnpJtjDagalrk

Request Chain 98

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEEj1Bz1Gm_BnDCGWbM27VQA&google_cver=1&google_push=AYg5qPI4dUZWao-EzBfMf3gARBsbslsYVWijUcSUgzEItbEQqGjJVDlzLqBFxFJKgDGIPJJw4cO3mopraKiiAMn9tjzUXrXlXJA HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEEj1Bz1Gm_BnDCGWbM27VQA&google_push=AYg5qPI4dUZWao-EzBfMf3gARBsbslsYVWijUcSUgzEItbEQqGjJVDlzLqBFxFJKgDGIPJJw4cO3mopraKiiAMn9tjzUXrXlXJA&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yp-0_U_N5VgpX23pa3mscwAAAiUAAAIB&google_push=AYg5qPI4dUZWao-EzBfMf3gARBsbslsYVWijUcSUgzEItbEQqGjJVDlzLqBFxFJKgDGIPJJw4cO3mopraKiiAMn9tjzUXrXlXJA&google_gid=CAESEEj1Bz1Gm_BnDCGWbM27VQA&google_cver=1

Request Chain 101

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 115

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEMOG2a9O_xv-G9D-gCQIJ0&google_cver=1&google_push=AYg5qPIYHRlqEBpM0BDPT9cBpHH-9R7fMEd87oxyn3fZSJhQ-vgLrbLh2UncP3KgMAj7KKHnQGRwHX4UZxmqF9HLDLufy5ix5w HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=B765081F39B1F7&google_push=AYg5qPIYHRlqEBpM0BDPT9cBpHH-9R7fMEd87oxyn3fZSJhQ-vgLrbLh2UncP3KgMAj7KKHnQGRwHX4UZxmqF9HLDLufy5ix5w&google_hm=SenrYdRFarzRQztLGZXfyg

Request Chain 116

https://beacon.walmart.com/etap.gif?tap=gAds&google_gid=CAESEOFYYMBeFZkCTtNT8jm2DDQ&google_cver=1&google_push=AYg5qPKFrMZMgHtbr1zMMyN-4_kdHTMTwLuo0-umbJGdpu4RdkeIkXCanOR0rYM0C2SQbBt5ziInH_u5Sa6v3Jh31CnjDITWh_Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=walmart&google_hm=dr6_NzGYfLXMxbunR_Q-f8&tap=gAds&google_gid=CAESEOFYYMBeFZkCTtNT8jm2DDQ&google_cver=1&google_push=AYg5qPKFrMZMgHtbr1zMMyN-4_kdHTMTwLuo0-umbJGdpu4RdkeIkXCanOR0rYM0C2SQbBt5ziInH_u5Sa6v3Jh31CnjDITWh_Y

Request Chain 117

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEGG-KRxuXUDhNRoaDclU0RA&google_cver=1&google_push=AYg5qPLux3ra7c9I8KkD6OKxuXtzfsoetxA6OUt4w2V6aU2P2t-ipPM_tsysROYcRZiaRg6BOqyUYO6KtqZ8lJFmOFCHeQvAwS4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=QfiyMth2SxekDmlJHbi-Hw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLux3ra7c9I8KkD6OKxuXtzfsoetxA6OUt4w2V6aU2P2t-ipPM_tsysROYcRZiaRg6BOqyUYO6KtqZ8lJFmOFCHeQvAwS4

Request Chain 118

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIC6_k6mKDZM_lM0KkxDxUY&google_cver=1&google_push=AYg5qPLvIO5brdAXa2XbYbGbAh5_P2WQ9ndyAIeV7Pj-dJqh1_uRA-pc2Eiz3azz5YUsQyMo-IEQfq4mVT770jCLeza3kOdGQZw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDQ0TTc1WVYtWC03RDBP&google_push=AYg5qPLvIO5brdAXa2XbYbGbAh5_P2WQ9ndyAIeV7Pj-dJqh1_uRA-pc2Eiz3azz5YUsQyMo-IEQfq4mVT770jCLeza3kOdGQZw

Request Chain 119

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEIJFEWFYuGyjbpsOQURzN3s&google_cver=1&google_push=AYg5qPJeDCi8Tai577fD_IRJX364Yund2qbw1Z_WKSED4iXcRQ1A4kFJ9COCIJ7Ak9PJ-raNnwvPWX4p8jhFCp5t9aT4NN98sg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yp-0_U_N5VgpX23pa3mscwAAAiUAAAIB&google_cver=1&google_gid=CAESEIJFEWFYuGyjbpsOQURzN3s&google_push=AYg5qPJeDCi8Tai577fD_IRJX364Yund2qbw1Z_WKSED4iXcRQ1A4kFJ9COCIJ7Ak9PJ-raNnwvPWX4p8jhFCp5t9aT4NN98sg

Request Chain 121

https://cc.adingo.jp/adx/push/?google_gid=CAESEH7XCIjSegi5_mkCDyEbT90&google_cver=1&google_push=AYg5qPKOs_WM8S2oOiRope4Qm4jlgsxs31iIqMZHBo-w4S_DwlKn46-u-ZP-i-xBEWVXFFTCa4pKFiHBL7gChO81Dar5ryOFihk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=fluct_eb&google_push=AYg5qPKOs_WM8S2oOiRope4Qm4jlgsxs31iIqMZHBo-w4S_DwlKn46-u-ZP-i-xBEWVXFFTCa4pKFiHBL7gChO81Dar5ryOFihk&google_hm=3e072a9d346d2d9209da14bd6654c5d3

Request Chain 123

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 137

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEAsNhpcPNRN97v-jjCNerrM&google_cver=1&google_push=AYg5qPKNXDUFO0mnIsaG1EaBjE3GaqMBtd2wXPVcdjFVUVKarsV_blOcaQ3p0S4S8Bw75-I1cfA-hdYZUE8m4KWfD-TUZq-vG989wpoTJwJUesqjJP5tBtTQfsV7AMkAFqJ0ng6UEjKf1jA HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=B765081F39B1F7&google_push=AYg5qPKNXDUFO0mnIsaG1EaBjE3GaqMBtd2wXPVcdjFVUVKarsV_blOcaQ3p0S4S8Bw75-I1cfA-hdYZUE8m4KWfD-TUZq-vG989wpoTJwJUesqjJP5tBtTQfsV7AMkAFqJ0ng6UEjKf1jA&google_hm=SenrYdRFarzRQztLGZXfyg

Request Chain 138

https://odr.mookie1.com/t/v2/sync?tagid=V2_4530&src.visitorid=CAESEPxFY7XYPYDIcv-TYqlX48k&google_cver=1&google_push=AYg5qPKQJO8KKVcUmqxFj2yAVa8FapO5V1kab5ZGEHZnJH04HpiQsIiDZKErZx7r3582znjErNssnCIfNbFicdzEMDATCUtbEDT4wXM_VMZKRglkSLUc7l-u4mwdi_3kifGDVkFig0ksva4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dev_dmp&google_push=AYg5qPKQJO8KKVcUmqxFj2yAVa8FapO5V1kab5ZGEHZnJH04HpiQsIiDZKErZx7r3582znjErNssnCIfNbFicdzEMDATCUtbEDT4wXM_VMZKRglkSLUc7l-u4mwdi_3kifGDVkFig0ksva4&google_hm=MTA1OTUzNTE0NDU5NDY2MTU3MTE

Request Chain 139

https://rtb.openx.net/sync/dds?google_gid=CAESEIJFt-r02CRRZABmBMYHIos&google_cver=1&google_push=AYg5qPJ2PmzPm4rYQPw8fPe1KR2rygdFHh6acbvgx1oIvbvdK4sx8uuHAiWREmQy4i1UtzmQd3b66i7QNJt5hGWa73n-j8VOTZ41toN6LHaow6ECiOJKk8W1JNfKDE8S-tOBW2b9L5arMTA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJ2PmzPm4rYQPw8fPe1KR2rygdFHh6acbvgx1oIvbvdK4sx8uuHAiWREmQy4i1UtzmQd3b66i7QNJt5hGWa73n-j8VOTZ41toN6LHaow6ECiOJKk8W1JNfKDE8S-tOBW2b9L5arMTA&google_hm=CSGNuRuCxhUDWmO3UBm1Qg==

Request Chain 140

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEGVkXp46HuEekjGeJpA_cf4&google_cver=1&google_push=AYg5qPLal1mvvbyhXhyvPecDqVr6WwHOo4mA7kRbzi8Xzi2R9IMUHkNyDsoC7jQkjMvHTmvK9mN7g3B_2KwubUP_SB1hY9xjqYOtUrgoZvB_Sovjxhvj4Z1hsgnNdZnkWTxotqfTulqqWzI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDQ0TTc2N0stOS1DVFFU&google_push=AYg5qPLal1mvvbyhXhyvPecDqVr6WwHOo4mA7kRbzi8Xzi2R9IMUHkNyDsoC7jQkjMvHTmvK9mN7g3B_2KwubUP_SB1hY9xjqYOtUrgoZvB_Sovjxhvj4Z1hsgnNdZnkWTxotqfTulqqWzI

Request Chain 141

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPTUPXHNR78wZWIoIa5nISs&google_cver=1&google_push=AYg5qPIshnatvGrTw0GPL3f1iNb7v0g3zyvj2rIiNWxExn5JaMiEu4xuty2iQJV9sGxKK0J3qrOOHtpiLhc-2d1GwZyNqrKIVsngrXF44wgloQuQ8ZoVuGdsT6h2x-vTss4iMCBsQMH1img HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yp-0_U_N5VgpX23pa3mscwAAAiUAAAIB&google_push=AYg5qPIshnatvGrTw0GPL3f1iNb7v0g3zyvj2rIiNWxExn5JaMiEu4xuty2iQJV9sGxKK0J3qrOOHtpiLhc-2d1GwZyNqrKIVsngrXF44wgloQuQ8ZoVuGdsT6h2x-vTss4iMCBsQMH1img&google_gid=CAESEPTUPXHNR78wZWIoIa5nISs&google_cver=1

Request Chain 142

https://ag.innovid.com/trk?tid=11711&google_gid=CAESEA8Sw4ZOIvlJ1yTg-Y_qs-U&google_cver=1&google_push=AYg5qPIY_gG5wuBQW-QhIkZQiYPKx7vZS_JZzy2kloEUGyiCMrK2hpDuKKyVCKi6P037ZPPC22MEmBGwPWzavoC5VBsE1jL9WFGDta0YlmvVH2n2z0r8HbBfOhOY0ozxpnsIRF1MLXQdEMU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPIY_gG5wuBQW-QhIkZQiYPKx7vZS_JZzy2kloEUGyiCMrK2hpDuKKyVCKi6P037ZPPC22MEmBGwPWzavoC5VBsE1jL9WFGDta0YlmvVH2n2z0r8HbBfOhOY0ozxpnsIRF1MLXQdEMU&google_hm=C65CoroFQXyHj12nrjCKWg

Request Chain 143

https://cc.adingo.jp/adx/push/?google_gid=CAESEAKCi9t6lshHsrpaY8rpZl4&google_cver=1&google_push=AYg5qPIY7oxpvdYYn1_4D3umchebkJ0x30rbb59Icx8MfzVJZ9sY7BvaEVp0jfuu47dBLm66MEQRxxmevB3yOln4gjwPF_uARZ_XXlr_rmzyudsXTG8A5PjGSoB20j01vrYbUqcwwbaSprY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=fluct_eb&google_push=AYg5qPIY7oxpvdYYn1_4D3umchebkJ0x30rbb59Icx8MfzVJZ9sY7BvaEVp0jfuu47dBLm66MEQRxxmevB3yOln4gjwPF_uARZ_XXlr_rmzyudsXTG8A5PjGSoB20j01vrYbUqcwwbaSprY&google_hm=3e072a9d346d2d9209da14bd6654c5d3

Request Chain 146

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

150 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/ 46 KB
10 KB 202ms
126ms Document
text/html 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

e4e31caa859cd53e7b62f23806b429c7ce6357150d3ef928f0c72c6ea18cc35d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 717c22c4991a4bbe-YUL
content-encoding: br
content-security-policy: frame-ancestors 'none'
content-type: text/html; charset=utf-8
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Tue, 07 Jun 2022 21:27:26 GMT
last-modified: Tue, 7 Jun 2022 20:27:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jtaKcRlkUaqHEWNWe7DKqHk9c9lpHRnW75vUJ4IMV9H6vaRaZnOu1%2BPTjDS1eCqVFc8dlihNbUSqRcV43jp6eGYDhPKKcpWyqR3hPBrR%2BiEXpdlNMSZhpLRWG4URmt9ldWJN4SGouwXbpl2wGp5SyBwYR6IwC3pj"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
x-frame-options: SAMEORIGIN
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 website57.css
www.onlinethreatalerts.com/includes/css/ 23 KB
6 KB 38ms
36ms Stylesheet
text/css 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onlinethreatalerts.com/includes/css/website57.css?v=1

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

247f97bd99f312ee870d9d4655f944c8673e5f45a415691639c7b77a27db0cdb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:28:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2755
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-powered-by-plesk: PleskWin
last-modified: Sat, 19 Feb 2022 22:01:36 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"0605343dc25d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xbPrZLofGP%2BIAgP5Yc2vQYoS%2BE3pRDhmqo%2B06qY8FewtIX0uSklH0GMp%2BqsOS5vVAR0LB6grImlULIN43%2B7VLqpq%2BddrxZvBNiwjjqSdpnPIrtAoAo5%2Fjv5UczCp7Lb2plKXB4wiz0APrN4NIC7JsY2Qgqek9pLc"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public,max-age=3600
cf-polished: origSize=36430
content-security-policy: frame-ancestors 'none'
cf-ray: 717c22c56a654bbe-YUL
cf-bgj: minify

GET
H2 200 donate.png
www.onlinethreatalerts.com/images/ 680 B
1 KB 29ms
29ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/donate.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

ca6d94c2b2dba5c07fa22b35fd59b14722eebfb4a7274c15ae952dd55d03fcae

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "42d53987fb8d51:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2755
x-powered-by: ASP.NET
content-disposition: inline; filename="donate.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 680
x-powered-by-plesk: PleskWin
last-modified: Sun, 22 Dec 2019 04:23:43 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hX5bYinLV7BxCHsDjPnVt016wgdBsZaxDFFmWvHc0DWkeVkCjIi%2BqMNTNlsX%2BK16K%2FVa4GCJ9%2Bz24of6W8b4BSFjcYWoT1n5DCyEWqa1SDrpIb2QeQZGS2CoTjPxsn5KWZ6RAkNaH54AXwb5jXKNn9cngijug%2FnN"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=1455
accept-ranges: bytes
cf-ray: 717c22c56a6a4bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 twitter.png
www.onlinethreatalerts.com/images/ 828 B
1 KB 33ms
24ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/twitter.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

1750433970c4c042361fe9684224ad496ba567615e90a246f9337d601bc65665

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "edd5d526cc6d41:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2755
x-powered-by: ASP.NET
content-disposition: inline; filename="twitter.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 828
x-powered-by-plesk: PleskWin
last-modified: Sun, 17 Feb 2019 02:56:04 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KBUkLRPOVMWKwYP16b53%2FOaJBJLnB4O2%2BGicau6jazVtR4xHVoPfJ7GcBrO1XC%2Ft99VkIqKqmiptMXynZo3IQ8Fs3VZWoV1J1vHJz2mPuXJR8dNUS1Xaq22WET6ROVawwUUMB2WJRoUKb5MNHVPCAtAq%2BOzmdw3u"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=1301
accept-ranges: bytes
cf-ray: 717c22c59aa94bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 fb.png
www.onlinethreatalerts.com/images/ 650 B
1 KB 36ms
25ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/fb.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

70d381118eb433ce51b122922987546d48eec40439ed294b0bd7f55973533dae

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "2e713ac6cc6d41:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2755
x-powered-by: ASP.NET
content-disposition: inline; filename="fb.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 650
x-powered-by-plesk: PleskWin
last-modified: Sun, 17 Feb 2019 02:54:06 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zb0wFaffjTzifw4O0fNxmTeBmBH5ECrmfyZqqxPTxkigex3BtG7hX3czT9SmSB81o3frxXV7j%2Bi6CAhInq65N0xTNXEjY0oo7lw9TNfb9JE5%2BXgk9L6RqzycvHFobk3gaCZbCUgb7VfKidW5oU44i%2BCo3SAsZm1L"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=935
accept-ranges: bytes
cf-ray: 717c22c5aab64bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 write.png
www.onlinethreatalerts.com/images/ 276 B
667 B 59ms
48ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/write.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

94dccd578b83d4cc15c2ce4708dda82cc3d18cc879c0bc35f704ec16d6a684a7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "3dd199566cc6d41:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2754
x-powered-by: ASP.NET
content-disposition: inline; filename="write.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 276
x-powered-by-plesk: PleskWin
last-modified: Sun, 17 Feb 2019 02:56:11 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mOObKht20y2W7lKQFdcxccj9pobzIhBgpvUNvs8N1kNFPCTZhnRaECcA1Vp9hJtTIS6bngYco5UpFfp5qpYoaFYnOkSQ%2Bgw5lnV4SoUFCnReB9RuZw652gJ5hzAcaY6S%2BYGa5l%2BfE2yM4%2FTVkYeJFM1%2BYjg0cB1J"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=582
accept-ranges: bytes
cf-ray: 717c22c5aab94bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 thumbup.png
www.onlinethreatalerts.com/images/ 702 B
1 KB 66ms
55ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/thumbup.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

d98c2375ed3e73466e1058a38c4b028ce16101b059c901a3573905ffc0b33343

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "1137dd506cc6d41:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2754
x-powered-by: ASP.NET
content-disposition: inline; filename="thumbup.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 702
x-powered-by-plesk: PleskWin
last-modified: Sun, 17 Feb 2019 02:56:01 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fge7yZcQdxPvHyna63v9cs2kuV3BjPem3oD6h2psAZn8eHrACDkNwEfbUCL1Bdhco75dZ5phSvKIl%2BEWA1%2Fw4HaXeMynhAvQYyLz89n0pGKVcXBX76cgnAlsRM%2FwIB2m1bQUDOgA5f0c3gwDfsRMsg3JJJK28Oz%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=1307
accept-ranges: bytes
cf-ray: 717c22c5aabd4bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 history.png
www.onlinethreatalerts.com/images/ 2 KB
2 KB 60ms
49ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/history.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

6c8f75c838d1a6c14fafa79017d12c956ef8fa044f29f3a7d493eac7cab497bb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "287a50e6cc6d41:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2754
x-powered-by: ASP.NET
content-disposition: inline; filename="history.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1898
x-powered-by-plesk: PleskWin
last-modified: Sun, 17 Feb 2019 02:54:09 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=shJWy9TAZQxFI%2FbcYANbtdIDPe4dhnuyrKhXWapyecANzNsxqVHTpas3Ue5JrLVt4mZdDxN%2FhEfF4a5NLD3S5Ii9QT0e7%2BpvYkCxrPHltZrBVBXQSpVAa4bdjJf9GhrFNht0khQI1Xyrn59Ij7lm%2BwMWZhrXzfZN"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=2562
accept-ranges: bytes
cf-ray: 717c22c5aabe4bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 saved.png
www.onlinethreatalerts.com/images/ 406 B
1 KB 33ms
24ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/saved.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

2b6e42c27b740d3dec7b414398be286c288993f71bbb5ca1cce31363ec48e206

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "6d101ddb47d8d51:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2755
x-powered-by: ASP.NET
content-disposition: inline; filename="saved.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 406
x-powered-by-plesk: PleskWin
last-modified: Fri, 31 Jan 2020 15:05:20 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xxNdYMJqBxPGwAghSjXIGYi4%2Fi2Pi9Of4Bfl%2BARvd547ieax8H8CG5%2BlCSJYSFN9MQj%2FDWx4HHLTPlAv66geBY4oAmjn5vVlaMT39CHL%2FgQe%2BowFu8ecm2wIx4RaJbMs%2Fd6jIyVfAN4zSI7zrXiIIJyDJGwxveWX"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=931
accept-ranges: bytes
cf-ray: 717c22c5aabf4bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 eye.png
www.onlinethreatalerts.com/images/ 754 B
1 KB 61ms
51ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/eye.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

12fcda11548ceebd4afafa30de0b1cd97e0531562f0f2b98700e30995d2bb73b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "d3f02da6cc6d41:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2754
x-powered-by: ASP.NET
content-disposition: inline; filename="eye.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 754
x-powered-by-plesk: PleskWin
last-modified: Sun, 17 Feb 2019 02:54:03 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tjYJ8YqLsJZKknSKkjzuBaEcuVGvWQ8S7QKp%2Bw3VH1c6%2FWT%2Fl3jCs6%2BwjHWBH9qjFrDAF0YUEaT6lk9mPAX%2BIjy09bLR%2BevUeTOk8qY%2Bap%2F9zb8%2FYyx8m1PtjUKOfPpWsltAWd7O4sOyigEu7UmjJ3k3JduT1%2B9r"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=1444
accept-ranges: bytes
cf-ray: 717c22c5aac04bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 icon-225.png
www.onlinethreatalerts.com/images/ 2 KB
2 KB 77ms
67ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/icon-225.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

aa8d4b558de7afe632b763e79e0dbf75cd7b92fba5df4ca26f8d984ed3cdc196

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "7bcba1136cc6d41:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2754
x-powered-by: ASP.NET
content-disposition: inline; filename="icon-225.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1960
x-powered-by-plesk: PleskWin
last-modified: Sun, 17 Feb 2019 02:54:18 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NMDiWfckXTLQS5dcQBvAl37yn1LMY3oHkq4Ng%2BVQz6T4kB%2F3w8%2F5TzvDC8Pj3uLMJDHBd1lUdY8hFhPn%2FSYys417w4trx4pd3dMpyDzhWqgbtrIW1cMscuOnyunuefJdiucRL6daqMGRgfrBNEZ3sfGusZtszfSJ"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=6486
accept-ranges: bytes
cf-ray: 717c22c5aac14bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 rarrow.png
www.onlinethreatalerts.com/images/ 306 B
706 B 72ms
62ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/rarrow.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

6b974ee1c8b03b378ab989f5fd39494a02a6ef9a25c30ee3171b12d4906f80d8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "209894446cc6d41:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2755
x-powered-by: ASP.NET
content-disposition: inline; filename="rarrow.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 306
x-powered-by-plesk: PleskWin
last-modified: Sun, 17 Feb 2019 02:55:40 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W6%2Faeul6%2FbUolqGFMDd8OMIba%2Byq8dNQOB%2BuqrJzbrSfjzd%2Fdif0dm2A%2Bly28bJULCfiJ4vCkdR%2FNmpcs%2BuovEXoFd6YQZmeroxLcgpXEeDxCM967m4qYEJvmAN6lEuIBtQSWjQ6dCHqtVBW%2BVXYHB3sZAtW3%2B%2F%2B"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=899
accept-ranges: bytes
cf-ray: 717c22c5aac34bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 larrow.png
www.onlinethreatalerts.com/images/ 316 B
1020 B 61ms
52ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/larrow.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

97dd175890151cee0a20afccc16e7a9800d7901b32b39afbd4322f10d4b10884

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "33ef67196cc6d41:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2755
x-powered-by: ASP.NET
content-disposition: inline; filename="larrow.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 316
x-powered-by-plesk: PleskWin
last-modified: Sun, 17 Feb 2019 02:54:28 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H%2BcfBdizJbE3FpgaQ%2F76Vawb%2FSmVs%2FsiZyj1Zw%2Fv07h68R%2F41R9xl0kv7V9TmAuW0867df6NdP1PYkQEzFP2TDEMlLx6EzcdYix3GNSb7CxwcbX%2BjIhlq3VG7KYYJLoCykspVG45kI67TZNRTy2gysVBUSCFpa5V"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=921
accept-ranges: bytes
cf-ray: 717c22c5aac44bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 fire.png
www.onlinethreatalerts.com/images/ 8 KB
8 KB 66ms
57ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/fire.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

f2f829301ac3314e48bb47fa95e5971ac00d55756937935822482ece2ca143ac

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "b913a060f6d3d41:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2754
x-powered-by: ASP.NET
content-disposition: inline; filename="fire.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8070
x-powered-by-plesk: PleskWin
last-modified: Wed, 06 Mar 2019 08:27:03 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H%2Fxke9jexb5t%2Fcv%2FiQz9IDrUa8mh9LIjFtAqMI7oAM4ynqtDDBNMpAeCbKT1Sdjub%2FcxXDqT3uBV8Ny89PBXbyV8t05e8%2Be%2BGCxcL5P2x9xv6IrlyMAaCWZbdEtX%2FgCJ5G192a1EAYOZuB0Yd%2FvhJul%2Bip8yhhxq"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=17348
accept-ranges: bytes
cf-ray: 717c22c5aad14bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 comment4.png
www.onlinethreatalerts.com/images/ 558 B
954 B 67ms
58ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/comment4.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

e116e51405949ccc5cd74cef9aa6c9037f470dca91dcb53da73b8dc9c52b0dd7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "33f5aa937fb8d51:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2754
x-powered-by: ASP.NET
content-disposition: inline; filename="comment4.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 558
x-powered-by-plesk: PleskWin
last-modified: Sun, 22 Dec 2019 04:23:35 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RUhozNq9mIHssE2gaMPCXzfPgfcQydUHiVZ3aX2LmMvots78VujEzVJX1eN9HHGv5TqaczKx5dJfk8BCjDNfxJaSB76moiubWLvAjST2Mr%2Fka%2BBLQ17j5t1%2FXwjEP1dFECh2VVg%2FxdCtARFnczP9w%2BDJPVEMZm6e"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=1129
accept-ranges: bytes
cf-ray: 717c22c5aad44bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 comment3.png
www.onlinethreatalerts.com/images/ 474 B
916 B 61ms
53ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/comment3.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

e0432688fc68bf749004301ffa03b49d255cc56df23d894427406675412e99bd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "b5c2f5927fb8d51:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2754
x-powered-by: ASP.NET
content-disposition: inline; filename="comment3.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 474
x-powered-by-plesk: PleskWin
last-modified: Sun, 22 Dec 2019 04:23:34 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PhoGYb9FoqUDRmbbauajaHnw5CLrPw%2F9R3LusQg7wgI6FiI5EP5HHKjwha2IS%2BaDiT4Q8jmd0%2BMEeH3MdiuhrzGaCnFK4OIsFd3azg4XI3idyyehbBIydfDEWbbRlGXtwwD5NFdL8%2F%2BBk6fytysSA62GhCjRQiXV"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=1130
accept-ranges: bytes
cf-ray: 717c22c5aad64bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 user.png
www.onlinethreatalerts.com/images/ 888 B
1 KB 64ms
56ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/user.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

861f488fdaf1a72fcf444007e0504611737b85e5a40087655b5a2495d83e863e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "7637f546cc6d41:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2755
x-powered-by: ASP.NET
content-disposition: inline; filename="user.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 888
x-powered-by-plesk: PleskWin
last-modified: Sun, 17 Feb 2019 02:56:07 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I4yzIQd4518nouDIV8AEFDMJV6HFmAc4M8JkliiqV35OxgsNX%2F%2BtGJtazZI7W%2BkMMC8%2BFrVIY%2FNB3%2FBpy9KBqwhEMjhLR5uSTwtFZ9Lje4EXAzrhXfFix0tWBvUNcoEdq2l4RMyEW6PmHVTZXCB4mCKIxD5OIfEf"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=1447
accept-ranges: bytes
cf-ray: 717c22c5aad94bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 bell3.png
www.onlinethreatalerts.com/images/ 174 B
561 B 75ms
67ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/bell3.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

4f9cab651230363b4bd0c15334a9c704c88e0c5c7f6bf4368bdc5a523861a1ef

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "1f8ff1847fb8d51:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2755
x-powered-by: ASP.NET
content-disposition: inline; filename="bell3.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 174
x-powered-by-plesk: PleskWin
last-modified: Sun, 22 Dec 2019 04:23:10 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sj76aAPh%2B9HaY1j6SpvZ%2Ba8Gt9kPhLqMSrJLIpfAqJXwBhigFT%2BP96CYmpmLxZoW4ni1bEpzisbV6bghuo6qx0LHgMavfx1cvF2qAkc2mvUiUy924DTtGav2o5S3dXo4qfBoharjdS9wps7ecIeGOXC07JLaIs34"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=511
accept-ranges: bytes
cf-ray: 717c22c5aadc4bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 s.png
www.onlinethreatalerts.com/images/ 744 B
1 KB 69ms
61ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/s.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

b101c3e945a1e7205ae542e5e34809d52d8872f253d0f502f9e34c06843791ea

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "b6111d476cc6d41:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2755
x-powered-by: ASP.NET
content-disposition: inline; filename="s.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 744
x-powered-by-plesk: PleskWin
last-modified: Sun, 17 Feb 2019 02:55:45 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4rnON2ua4Zu%2FpsGtvzOH3DMzeYXQ9OQUWWKVqg09%2B%2FOZGEAgMESjjToWGBQ77GKdcOd0wxUkXRFmGLmvVglD0RoSzOXhTSPby6A%2BcVsfcFS%2BjLO1F8AT7cxmvWUe8%2BwFjxZlH2GsCmoJu1piHfqnZ0G%2F8uwFkvt1"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=1228
accept-ranges: bytes
cf-ray: 717c22c5aadd4bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 flash2.png
www.onlinethreatalerts.com/images/ 616 B
1009 B 70ms
62ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/flash2.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

bb7582e45027f2c11a220c398f86511f458c1ba89f9495de176e91d950261e5b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "281ec7c6cc6d41:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2755
x-powered-by: ASP.NET
content-disposition: inline; filename="flash2.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 616
x-powered-by-plesk: PleskWin
last-modified: Sun, 17 Feb 2019 02:54:07 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uDmirrVFyIsOhDlyfo7Yj3%2Fc5LlcLMou6rOxLyaqG25VGpwCiX89Y1OKu%2FjFV9QnY8QiIevDQqT%2FsP06S0sDTJwhlKQUGGF4v%2FOnrO6y8%2B0c3cp9q3hku2YvYora3lp3e9utvhn6Qmz%2F0quT8cusfkLzpd2DWfSx"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=1294
accept-ranges: bytes
cf-ray: 717c22c5aade4bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 cat.png
www.onlinethreatalerts.com/images/ 192 B
582 B 62ms
54ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/cat.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

ee7d0307fd888125fa8a18741234f63250126033857b385dbd7e5f803134f59d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "3b484b8e7fb8d51:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2755
x-powered-by: ASP.NET
content-disposition: inline; filename="cat.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 192
x-powered-by-plesk: PleskWin
last-modified: Sun, 22 Dec 2019 04:23:26 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MPMD2nnQSKOxoNa6oPOkFaNFnjRV39HzJQEJ%2FbNEExx5dH7wwa1vlxeN0SafeDIddQwbPfNYqYdV5im6MC9EBwGa656QfWE3uKt7UQqbQ%2FGVD75laDe6syez5%2BzDuPlyPg9KzJbp%2BognURcbFnFLx9pKZKReCYo2"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=533
accept-ranges: bytes
cf-ray: 717c22c5aadf4bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 logo-5.png
www.onlinethreatalerts.com/images/ 2 KB
3 KB 64ms
56ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/logo-5.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

589eb9a634b35b62b29e04e3723c4f22ace208b07e859d3ac301cddb8860e3e8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "72af7a1c6cc6d41:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2755
x-powered-by: ASP.NET
content-disposition: inline; filename="logo-5.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1920
x-powered-by-plesk: PleskWin
last-modified: Sun, 17 Feb 2019 02:54:33 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2BPHCifYxF0eiGDYtJryrfE21Q9j6Gtv0wcBSWnvSaur5v41Rmz%2BNGGyVTVxV2xbBGY4FmJk4LPRmaGS%2Ba79zUIq5bIubcSEoIFFefWuLcqDgJCIKuMrpcaMlWjCDvuV1TwZVqabcj9z6LyBYkb98OtfKtPNC8L1"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=4671
accept-ranges: bytes
cf-ray: 717c22c5aae04bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 menu.png
www.onlinethreatalerts.com/images/ 94 B
722 B 65ms
58ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/menu.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

03d15b9e3e184d6e4d9cc634f951303997e4cf013f2628318f7a32c7bd0244b7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "c9725e353e31d71:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2755
x-powered-by: ASP.NET
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=BeZ9GAcgkQeyPxFUrBYqsgYnUs9xX1SEvhEysU0d694-1654633723-0-ASAQOGs17iGPm2gXK9gagPkvoRZ3GjoMXBpDr8zf6xOWFRejMFDNtYxo89flvGFWehqDQ82ke1oVox4gCUCaxCMmrGQ_QIbbh3JkXpA_8inC
content-disposition: inline; filename="menu.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 94
x-powered-by-plesk: PleskWin
last-modified: Wed, 14 Apr 2021 14:55:28 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FQqsMA55lj680mNxFkQIxH2nxex9ik1HSO0pOJkq%2Fc8thLsWVP3w8lZo%2Ftjgs936VYVBWTPy9jpQKjl923T8TjVIDH9%2BZ6F8Zvk8ywdEYQ8LDIr47Wqu4q0sX%2BB%2Ba3WsnGuVfuwHaj%2Fp4QryBWLEvo2CC8v%2FrpHH"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=188
accept-ranges: bytes
cf-ray: 717c22c5aae34bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 nowifi.png
www.onlinethreatalerts.com/images/ 41 KB
42 KB 66ms
59ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/nowifi.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

5d4fa8c57949648365ce572fa8f31571c21182249ecae96efc66ad4226de1460

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "5b7f66343e31d71:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2754
x-powered-by: ASP.NET
content-disposition: inline; filename="nowifi.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 42092
x-powered-by-plesk: PleskWin
last-modified: Wed, 14 Apr 2021 14:55:26 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eSVJHufsd5xOz0XeOsfq%2FmyQC0D%2FDZu09de9MTojbt2hTBC9VzG1af80TXCUwGfz0kdVYsBxsXirgkhljDn4szg14DzNgDDuXdpXtn0NIvdkesmz5bxzxZ106RXVy44P%2BZQc6lztLuIdnOyQEcbXBXEv9HI6Iy7A"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=115121
accept-ranges: bytes
cf-ray: 717c22c5aae54bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 cus.png
www.onlinethreatalerts.com/images/ 158 B
545 B 73ms
66ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/cus.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

010516b60e81fc07a29a71bb26d46baac0ce95ffa96dabee9c6c9705a2850fc8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "a4222d693c0d51:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2754
x-powered-by: ASP.NET
content-disposition: inline; filename="cus.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 158
x-powered-by-plesk: PleskWin
last-modified: Wed, 01 Jan 2020 11:08:46 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F7AEvjUysyo6eUQ%2BrqFxX6F7T566hKfo74WhQ638YaZ22%2BlVybNDYMo9Hc4xASAKboSNJs3krMRFG5u5Nri9N%2F2G%2F7bEbKW4lGU0iKk7bXL1D15ICfwFS6wQHeyGUp7Luhk1zw0haws7iyPkiClIt4QIQTKhQXKh"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=350
accept-ranges: bytes
cf-ray: 717c22c5aae64bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 rssfeed.png
www.onlinethreatalerts.com/images/ 1 KB
2 KB 70ms
63ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/rssfeed.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

0850c9fbd79b69e041c2e95534115e9746072d6265c55959f5a868151090995d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "57f199466cc6d41:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2754
x-powered-by: ASP.NET
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=gU17OEPqvmD6bNFz87azqssx.T67MzLZmA6Bx4yicDI-1654633723-0-AbMm-J6EAbIbWyRZYzNj19beTendESTCQmt59Dn2nBcWk32p7b_LzafuX3S1RZ3cHLbUQxj53W_JNiG90cePZxEDHE7yj_5wvfahq0rk4BPU
content-disposition: inline; filename="rssfeed.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1528
x-powered-by-plesk: PleskWin
last-modified: Sun, 17 Feb 2019 02:55:44 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=STae1SKeS8QWP1cDKg0Gs8lRAhTCgeXT5yV%2F39NKlpIuy7seT88V%2FJlKJX%2BaSPmRIc0xGcAG%2BoPwrszzzzEnyCs0ALywAKOuCeieFG2y5VJhIGve%2BT8LqJz6R2w9KHHJ8vQvrTJYrJkxD%2FxtbXGKCUN1wr7J7bqF"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=2103
accept-ranges: bytes
cf-ray: 717c22c5aae84bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 cemail.png
www.onlinethreatalerts.com/images/ 902 B
2 KB 71ms
64ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/cemail.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

c3c035cf65a2bcd4d757457f3efd5bc403b7d616ff5ede17eea8085c0d45a82c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "add28f7fb8d51:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2754
x-powered-by: ASP.NET
content-disposition: inline; filename="cemail.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 902
x-powered-by-plesk: PleskWin
last-modified: Sun, 22 Dec 2019 04:23:27 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QldG6dxvSnJk7MwfV6aJvQGWNtfDqSFWhe%2BHPq5cEIkiRofSsplL5A5nU1NYKRMNoaxyNbOiOmZelFHcs70h1ZmBc6Jm3FEXhJV%2BaQ7hTOdPoq1CElvCEpiRzL89rxGn1MkMtn%2B9be6msrGIR%2FMM2WmlSP9zcjvD"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=1529
accept-ranges: bytes
cf-ray: 717c22c5aae94bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 icon-2.png
www.onlinethreatalerts.com/images/ 242 B
679 B 71ms
65ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/icon-2.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

ee86b68a7ce0077ad39a472d290d35700737a225eb0e234adec53b9799cb55bf

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "88f0f8c8eb1d51:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2754
x-powered-by: ASP.NET
content-disposition: inline; filename="icon-2.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 242
x-powered-by-plesk: PleskWin
last-modified: Fri, 13 Dec 2019 08:23:07 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6G58OysUDzcdqnwulpMqAupvzr%2FV%2BsaOAvg4TLo9KCPB3be8yL9YHY3DG0rCiCiItHRtdoBnDSTqi13ATaQH2zYeEaCRpHgcUL%2FAlYC8M69S9pr5ET9zIf6Q5927HNiZwWXBSGWO6%2F1thqUkZzUgAbFhLEHK3p2F"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=416
accept-ranges: bytes
cf-ray: 717c22c5aaec4bbe-YUL
cf-bgj: imgq:85,h2pri

GET
H3 200 clock.png
www.onlinethreatalerts.com/images/ 736 B
1 KB 76ms
70ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/clock.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

4120b7fce0fbcbe2f21d26b7cdd074d4127112fda06f3681d9ec5ac1666003b8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "2010b88f7fb8d51:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2754
x-powered-by: ASP.NET
content-disposition: inline; filename="clock.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 736
x-powered-by-plesk: PleskWin
last-modified: Sun, 22 Dec 2019 04:23:28 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GCfDHnlGNq566ThThG2RQhx15QclK7FqUtCWIn%2BruiUdoF2A%2FwnaK6LY1NxyDdLaJNekYVdJszW2McD9FW8EA9obRaUIyAT%2F7RoE%2F9XeHkSa79esliEyifYUny2wscnZrOlYd2VlMIcusynyQELojE70DcwOcS%2FS"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=1572
accept-ranges: bytes
cf-ray: 717c22c5ac76ece6-YUL
cf-bgj: imgq:85,h2pri

GET
H3 200 whatsapp.png
www.onlinethreatalerts.com/images/ 2 KB
2 KB 78ms
72ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/whatsapp.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

6741ad4b2964bd3350dcf3b5d023dafba66148c779b5886b9d034ed6d06707f1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "301c7e556cc6d41:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2754
x-powered-by: ASP.NET
content-disposition: inline; filename="whatsapp.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1802
x-powered-by-plesk: PleskWin
last-modified: Sun, 17 Feb 2019 02:56:09 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GrszRY0TunytctKSbrgh3gW5u8LOBSM9Gq755D1m3X1wUCTAvEVXq49ZMJ%2FgvYFlD1nh%2BUy57KxRfOMcnvgYp9MtRzCzrNUX8Stu0w59lOeLWUb7mx1vSgFRcyLC3dQPSQSdAhRpxGQJkn7w7Uamh6uCUztkqdAB"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=2375
accept-ranges: bytes
cf-ray: 717c22c5ac7aece6-YUL
cf-bgj: imgq:85,h2pri

GET
H3 200 reddit.png
www.onlinethreatalerts.com/images/ 2 KB
2 KB 78ms
73ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/reddit.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

1fbadb6e6b9eede62f4d1e1a7fab708cc6f0f5c94e70ec6870265a192f5979e9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:28:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2754
x-powered-by: ASP.NET
content-disposition: inline; filename="reddit.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1554
x-powered-by-plesk: PleskWin
last-modified: Sun, 17 Feb 2019 02:55:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "dc5515456cc6d41:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TtTJQS23u9INoMmT01DkeWCJH0wtmxnujJ3apOnrVoNz3Px8ty%2FjU%2BvuaWpXVT2DMxJcLmVxHVp2McglX52GMMgqvZ2bi6wXhXO%2BskW%2FxkqQE9cu5Rk%2Bahda%2Btr8BX%2FScEN7b1zi4uAFYIFg0oqbAkYWUpWnQRMF"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=2728
content-security-policy: frame-ancestors 'none'
accept-ranges: bytes
cf-ray: 717c22c5ac7bece6-YUL
cf-bgj: imgq:85,h2pri

GET
H3 200 pinit.png
www.onlinethreatalerts.com/images/ 1 KB
2 KB 35ms
30ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/pinit.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

e9c6431003ee60854b54cad131fbdcf4ff7ce05ebc013006efdb8dba7946292b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "bcda13446cc6d41:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2754
x-powered-by: ASP.NET
content-disposition: inline; filename="pinit.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1160
x-powered-by-plesk: PleskWin
last-modified: Sun, 17 Feb 2019 02:55:40 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=URFYqXb8FrJOqzUSCzT%2FliZI%2B%2FKq9dt%2FxFc5mIksaHipn64FxTiAsrBLFmwuBw87DBAQf8iSMZrtBkmNP8toEgS8ZUmWS0f1iHhJQtmTdxTFX118F5%2F4V7ScYIJ0me36c9UBvDT7n6CIz1CiYGlX%2F4agFCwEE59e"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=1743
accept-ranges: bytes
cf-ray: 717c22c5ac7eece6-YUL
cf-bgj: imgq:85,h2pri

GET
H3 200 line.png
www.onlinethreatalerts.com/images/ 1 KB
2 KB 78ms
74ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/line.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

505539f22072c9e74b5561871b7d869f698f5aecc485ee8401361221da07a2a9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "4466ccf99c14d51:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2754
x-powered-by: ASP.NET
content-disposition: inline; filename="line.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1342
x-powered-by-plesk: PleskWin
last-modified: Mon, 27 May 2019 15:00:51 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0%2Fieqi4i1k6Yv%2BFsVwgUeGWs%2B2quqRttBIz2Aj%2Fd6eRNp7dcIfGcMWcFyACH2uVW0dT%2FAguHrO6nA5oP49BlznF2U%2Fd%2BkbsxqdfURmrOpnoYKCBQ6ZBeQ6UMOFEftCtxM3bcb6K7BxR%2FtwD%2Bc8c8Dexjim4KaY32"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=3960
accept-ranges: bytes
cf-ray: 717c22c5ac80ece6-YUL
cf-bgj: imgq:85,h2pri

GET
H3 200 thumbdown.png
www.onlinethreatalerts.com/images/ 688 B
1 KB 79ms
74ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/images/thumbdown.png

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

1d82b790d4583053b0d6a516ad22250ded08e30bff47f1a9d34e15f16551e2a3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "dabbdb4f6cc6d41:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2754
x-powered-by: ASP.NET
content-disposition: inline; filename="thumbdown.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 688
x-powered-by-plesk: PleskWin
last-modified: Sun, 17 Feb 2019 02:55:59 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ILHUycpftYogipQ65m9goCu0XfaFmlr1TtagCgoEFXPBEraafisYUT%2Bk9s7RWnO7v5SoAHWtDah8KFA0c0NmCD%2BwlMIvh%2FsZp%2BNVp1nt%2BCeslKqyvyidCKv1dvJiFf1q9AJU%2BxM4oQgqOllP05tIxprD92hd8VRQ"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public,max-age=3600
cf-polished: origFmt=png, origSize=1305
accept-ranges: bytes
cf-ray: 717c22c5ac82ece6-YUL
cf-bgj: imgq:85,h2pri

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ 87 KB
31 KB 93ms
32ms Script
text/javascript 2607:f8b0:4006:823::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::200a Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 04:59:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142143
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31017
x-xss-protection: 0
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 06 Jun 2023 04:59:40 GMT

GET
H2 200 ota10.js Show response
www.onlinethreatalerts.com/includes/js/ 18 KB
5 KB 39ms
38ms Script
application/javascript 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onlinethreatalerts.com/includes/js/ota10.js?v=1

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

e4583c68394a82a2c60ecf0cd3e16dc58f19c2401690fd6e59cdd4fe010140c6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:28:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2755
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-powered-by-plesk: PleskWin
last-modified: Thu, 14 Apr 2022 05:22:39 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"807965a8bf4fd81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xtDYqe2vgfPUZboG4g%2BSXZnvEWWT1hwXo6kXabnXqGNfZPJ%2B4K0cVVPF%2Fu0FJOiLYzuoQl47zqwxSGnnnYg0GPFCP2XcHEF8QqPAaWzBCAtLuEHaRuGD2AKtgyfn%2FFDTQDhWVTC59WTapYvSYjhyvZnN%2Fn%2FacrnL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public,max-age=3600
cf-polished: origSize=149626
content-security-policy: frame-ancestors 'none'
cf-ray: 717c22c57a6b4bbe-YUL
cf-bgj: minify

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 160 KB
55 KB 112ms
54ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8746910186522625

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50c195edff2c8c9944af3830cba4ab12703eec7b9ad620ac79aeac75ec41d472

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:28:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56149
x-xss-protection: 0
server: cafe
etag: 498225377619159913
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 07 Jun 2022 20:28:43 GMT

GET
H3 200 invisible.js Show response
www.onlinethreatalerts.com/cdn-cgi/challenge-platform/h/g/scripts/ 45 KB
16 KB 36ms
32ms Script
application/javascript 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.onlinethreatalerts.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js?ts=1654632000
Requested by: Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 521655d843f587981dec2ef8e15cd210dd5e59997c0c9eab002584201a305bb7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:28:43 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ZMK8fTeCJ68fZpsy5ViNSMTAVU5oiisg2FWGV3bkrpL7SSJ5dRVRxAsfWWqQsSJqNznD%2B43Sgm2s3yw7jBTFBAMPXFHhRWlEhsIL%2FnlF3HufgoBnHUOithClaNlTrJUm%2FFXbPnUWby6IbOm9IoE6kHeTM0thP3w"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 717c22c5ac85ece6-YUL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 0.jpg
www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/ 144 KB
145 KB 89ms
85ms Image
image/webp 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/0.jpg

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

e5f7a7f505c29175e09f91880a7d5d7f2d2fcefd76b1012e9b9df8e2b880d191

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'
etag: "4d111caef57d81:0"
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: ASP.NET
content-disposition: inline; filename="0.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 147678
x-powered-by-plesk: PleskWin
last-modified: Sun, 24 Apr 2022 15:27:20 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
date: Tue, 07 Jun 2022 20:28:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZOXkVQxfBi99%2FZ6rFdln5r%2BC1OF9f3pjOVhGvdXqrqUb8ejoMeZ0H8aiwvJtkwI5m14YjiqQWEdujUVMx3aQFj114qTHr8VCmKe6rZ6GOP4e2opzFXG%2BgdhCpKZYiaUrEbNbbNamB2ypDhELYl3LRC0cVFzxnOTE"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=3600
cf-polished: qual=85, origFmt=jpeg, origSize=322151
accept-ranges: bytes
cf-ray: 717c22c5ac8bece6-YUL
cf-bgj: imgq:85,h2pri

GET
H3 200 /
www.onlinethreatalerts.com/about/pwa-offline/ 0
7 KB 79ms
75ms Other
text/html 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onlinethreatalerts.com/about/pwa-offline/

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:28:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-aspnet-version: 4.0.30319
age: 2244
x-powered-by: ASP.NET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-powered-by-plesk: PleskWin
last-modified: Tue, 07 Jun 2022 19:51:18 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9bHbUALogcys9X3FpFOBZEx6gnSfKFyQlqiz9P1SVTDm0CgqHkQpS0sf9vbnJ36NdcZt7v0V5ghY2NHs6%2FK%2FZifPBA0GpEH2IGmX1U0siD10BqfuhHp8YJVGjbyO87DlkYRYJzmVfXtwdFi3bxWTjLzjq2eE0n%2BU"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cache-control: public, max-age=3600
content-security-policy: frame-ancestors 'none'
cf-ray: 717c22c5ac8dece6-YUL
expires: Tue, 07 Jun 2022 20:51:18 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 160 KB
55 KB 112ms
62ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8746910186522625

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b64a03359b8489ed74a41fd09a96c939f7b56ac147fbabd99d1729f047fc5fc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onlinethreatalerts.com/
Origin: https://www.onlinethreatalerts.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:28:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56150
x-xss-protection: 0
server: cafe
etag: 5552647127547435074
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 07 Jun 2022 20:28:43 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 83ms
25ms Script
text/javascript 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::200e Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 5943
date: Tue, 07 Jun 2022 18:49:40 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 07 Jun 2022 20:49:40 GMT

GET
H3 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206020101/ 339 KB
120 KB 104ms
58ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206020101/show_ads_impl_fy2019.js?bust=31067908

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8746910186522625

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ebc9ecc1629a15c1554c268206f9e111b232dba30efc3383b3399710e1e02be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:28:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122333
x-xss-protection: 0
server: cafe
etag: 10635207907244460234
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Jun 2022 20:28:44 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220602/r20190131/ Frame E213 10 KB
5 KB 68ms
19ms Document
text/html 2607:f8b0:4006:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220602/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8746910186522625

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

db3985c4d5ae08ac22f3958d29da53f4edcd150439f74c668074c65ea0981da6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onlinethreatalerts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 22135
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4402
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Jun 2022 14:19:49 GMT
etag: 1327746537699501093
expires: Tue, 21 Jun 2022 14:19:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pica.js
www.onlinethreatalerts.com/cdn-cgi/challenge-platform/h/g/scripts/ 19 KB
7 KB 25ms
25ms Other
application/javascript 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.onlinethreatalerts.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js
Requested by: Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1020ca0ce637cc575f000ef742853a80a06f3c1ef7b5e22f03611642a8f7e1da

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:28:44 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3VAZp2WRNb0q75I15zVC5bU8%2BJDh1wO3ZSqRyZshNRsUJqbORBx%2FvKZ8u22keSZpi%2BCYLnosGzbtc9l79YZG24BcXylWp4WOw0vJyzwB2EwsdxjAboGCPsw1No92qOR%2BF1%2FmS5gTf%2BTpzeTJ9Sy9pVGs7a8ggZtC"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 717c22c74e82ece6-YUL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 js Show response
www.google-analytics.com/gtm/ 97 KB
38 KB 101ms
56ms Script
application/javascript 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-5RJ82KP&cid=1824504506.1654633724

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::200e Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

065a89f1a38bad549e06c85bbb71f115fb67ab246f46c87deb10adc8193969a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:28:44 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38707
x-xss-protection: 0
last-modified: Tue, 07 Jun 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 07 Jun 2022 20:28:44 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 411 B
706 B 88ms
35ms Script
text/javascript 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.onlinethreatalerts.com&callback=_gfp_s_&client=ca-pub-8746910186522625&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206020101/show_ads_impl_fy2019.js?bust=31067908

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

e6e30b0b689458dd1d0c051d01260b19ea24f76aee2d8f184e1de1d6df995638

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:28:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 262
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.ca/adsid/ 107 B
792 B 115ms
39ms Script
application/javascript 2607:f8b0:4006:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=www.onlinethreatalerts.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206020101/show_ads_impl_fy2019.js?bust=31067908

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Jun 2022 20:28:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 111ms
36ms Script
application/javascript 2607:f8b0:4006:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.onlinethreatalerts.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206020101/show_ads_impl_fy2019.js?bust=31067908

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Jun 2022 20:28:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 81ms
80ms Image
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&tn=DIV&cls=alertbottom&ign=false&pw=1600&ph=1200&x=1575&y=1175

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F505 0
19 B 184ms
126ms Document
text/html 2607:f8b0:4006:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&adk=1812271804&adf=3025194257&lmt=1654633646&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724014&bpp=4&bdt=274&idt=184&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5537290061779&frm=20&pv=2&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=216

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206020101/show_ads_impl_fy2019.js?bust=31067908

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onlinethreatalerts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Jun 2022 20:28:44 GMT
expires: Tue, 07 Jun 2022 20:28:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 717c22c4991a4bbe Show response
www.onlinethreatalerts.com/cdn-cgi/challenge-platform/h/g/cv/result/ 2 B
738 B 56ms
54ms XHR
text/plain 2606:4700:20::ac43:4561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.onlinethreatalerts.com/cdn-cgi/challenge-platform/h/g/cv/result/717c22c4991a4bbe
Requested by: Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js?ts=1654632000
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4561 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 07 Jun 2022 20:28:44 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hdzEghp6ncURxQQxyU5tmsZTd6eZAxvptDQsgsOtaJuyuuMZ%2FDgNH5k8gNbK%2BunTB4Dv1kW79CPoJzsk1GNEMGBGFQuAk1Dqg3XZaAE4BKxMaG91vq9O%2BNHc7uL1E43Ji7g570l33IicR%2FDZect8S4dFnRvxz9Op"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 717c22ca6a18ece6-YUL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9716 99 KB
34 KB 872ms
870ms Document
text/html 2607:f8b0:4006:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=3175270842&adk=1981524452&adf=3304449892&pi=t.ma~as.3175270842&w=728&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724018&bpp=4&bdt=278&idt=520&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=355&ady=261&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=pcxmjEtr6k&p=https%3A//www.onlinethreatalerts.com&dtd=537

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206020101/show_ads_impl_fy2019.js?bust=31067908

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78b77e328b39675a285d5ad6bb39e03bdcd1a6d848c3f29bea54a325bbdc990d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onlinethreatalerts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 35145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Jun 2022 20:28:45 GMT
expires: Tue, 07 Jun 2022 20:28:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4BA7 134 KB
44 KB 768ms
767ms Document
text/html 2607:f8b0:4006:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=9911826040&adk=3707071954&adf=665877015&pi=t.ma~as.9911826040&w=728&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724022&bpp=1&bdt=282&idt=560&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=355&ady=1194&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=2UDcjDArcI&p=https%3A//www.onlinethreatalerts.com&dtd=566

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206020101/show_ads_impl_fy2019.js?bust=31067908

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c797c72116853874925b0693b8b9000b9e30ecb9e10c6823e6c8eda1612805ed

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COLZjvuWnPgCFVIPcQod9cwF-Q&gqi=_LSfYpWZJdqryQPn87uYDg&layout=/sadbundle/%24csp%253Der3%24/18053640762837540807/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onlinethreatalerts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 44570
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COLZjvuWnPgCFVIPcQod9cwF-Q&gqi=_LSfYpWZJdqryQPn87uYDg&layout=/sadbundle/%24csp%253Der3%24/18053640762837540807/index.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Jun 2022 20:28:45 GMT
expires: Tue, 07 Jun 2022 20:28:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 33ms
33ms XHR
text/plain 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1371702267&t=pageview&_s=1&dl=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&ul=en-us&de=UTF-8&dt=wp20%20ru%20Scam%20and%20Web%20Browser%20Hijacker&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KGBAAEADQAAAAC~&jid=665029066&gjid=2143911741&cid=1824504506.1654633724&tid=UA-36393069-1&_gid=1083471455.1654633724&_r=1&_slc=1&z=1207278700

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::200e Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onlinethreatalerts.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:44 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.onlinethreatalerts.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CA32 101 KB
34 KB 1288ms
1287ms Document
text/html 2607:f8b0:4006:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=6277945241&adk=1090081780&adf=2106144157&pi=t.ma~as.6277945241&w=699&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=699x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724023&bpp=1&bdt=283&idt=582&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280%2C728x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=370&ady=2202&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=BZO7ygZ9L9&p=https%3A//www.onlinethreatalerts.com&dtd=592

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206020101/show_ads_impl_fy2019.js?bust=31067908

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03b2edc4d48a8ca76b952bbc00c55e609bd7ce4c01b83082092fbdbe15563931

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onlinethreatalerts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 34672
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Jun 2022 20:28:45 GMT
expires: Tue, 07 Jun 2022 20:28:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6CC7 70 KB
23 KB 876ms
874ms Document
text/html 2607:f8b0:4006:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=7085129746&adk=3384180819&adf=2422321695&pi=t.ma~as.7085129746&w=699&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=699x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724024&bpp=1&bdt=284&idt=606&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dfd66a6d275f1ed08-2279f4cfd2d20047%3AT%3D1654633724%3ART%3D1654633724%3AS%3DALNI_MYSQHmxBeBea7UsDSP5aXIwJHfJKA&gpic=UID%3D000005f6e218a414%3AT%3D1654633724%3ART%3D1654633724%3AS%3DALNI_MbXajxRJN6TsqA9wNfkNMJGXy58Ew&prev_fmts=0x0%2C728x280%2C728x280%2C699x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=370&ady=2884&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=fEO0zEAAC8&p=https%3A//www.onlinethreatalerts.com&dtd=613

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206020101/show_ads_impl_fy2019.js?bust=31067908

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

74a0e734491cd1a08c7a71c29494811000e0836532e9f5f39c387f282381a230

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onlinethreatalerts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 23488
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Jun 2022 20:28:45 GMT
expires: Tue, 07 Jun 2022 20:28:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/ Frame 9860 15 KB
6 KB 96ms
45ms Document
text/html 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/index.html

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41f7038cf1a00188555bd08200d86c7664b4aa808c0fb5a2ab6f41e2f86cac3a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 6172
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 4196
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Tue, 07 Jun 2022 18:45:53 GMT
expires: Wed, 07 Jun 2023 18:45:53 GMT
last-modified: Thu, 12 May 2022 15:35:50 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame F2F3 0
0 102ms
101ms Fetch
text/html 2607:f8b0:4006:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CjjcA_LSfYuLrJdKexAP1mZfID_y4kLRqtvWajt8P2tkeEAEg3fWEHmD96KKB8AOgAbzTkLooyAEJqQLeIve7ZMOqPqgDAcgDSKoEsAJP0IO5x-mqEVPoMi_hdvRD0Fy0fGjvZEbP_nhvtgssU06NHpDnQPW9H9VSbN0fVID-xQJ5z-GiifRM6JFviOv1T06M6pez9DYBUKWjcvY2xySQ3FCR_YCCRcfaxWwKG9DsXQpXVcINtVC9RX8fN4Y1glZYpN8Lkp7IDTZixaxPg1icsV94U_96w3VhJd9GzXD-jf_wcfl8iBEWz16kE52fU3MbLqsc5bH5dX6Apg7rohzdDYRtXHqDAGCAFHB3h7c9dG2aVOMoq0fe7LAVDLE5SJc6WER4oADj1XSKlvj-PXDlR5LHHNCtx5dNEmMlKH4B-rdCvqIx9KcI5l-gU2oZLWYA8TaANerc0vciMVxhaOqGQPhHofE9XuWevIe-DvJwYToDMrF--HHtQjvFhxV2wATo5o-WjASSBQQIBBgBkgUECAUYBKAGLoAHvIvhmQOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBDPnCTSCAcIgGEQARgfgAoByAsB2BMN0BUBgBcBshccChoIABIUcHViLTg3NDY5MTAxODY1MjI2MjUYAA&sigh=EC3VBtDavBw&uach_m=[UACH]&template_id=419

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=9911826040&adk=3707071954&adf=665877015&pi=t.ma~as.9911826040&w=728&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724022&bpp=1&bdt=282&idt=560&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=355&ady=1194&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=2UDcjDArcI&p=https%3A//www.onlinethreatalerts.com&dtd=566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 07 Jun 2022 20:28:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220606/r20110914/ Frame F2F3 21 KB
9 KB 59ms
21ms Script
text/javascript 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220606/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=9911826040&adk=3707071954&adf=665877015&pi=t.ma~as.9911826040&w=728&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724022&bpp=1&bdt=282&idt=560&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=355&ady=1194&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=2UDcjDArcI&p=https%3A//www.onlinethreatalerts.com&dtd=566

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de84e217abb7ead0e28d3175eae9f1187cc9a6ac93de7711c4ca14a118809778

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:22:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 396
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8701
x-xss-protection: 0
server: cafe
etag: 7038200677561849530
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Jun 2022 20:22:09 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/ Frame F2F3 3 KB
1 KB 64ms
26ms Script
text/javascript 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:26:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Jun 2022 20:26:29 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F2F3 138 KB
43 KB 62ms
49ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ff2968fef8c191871ce7f2dab4e5f32b8c372fb605f0b210cf9015843ed859e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:28:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43419
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1654515382487150"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 07 Jun 2022 20:28:45 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/ Frame F2F3 17 KB
7 KB 60ms
24ms Script
text/javascript 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4e40cd2f9b3804c4c981db3e8a482687e3a455d780e7b305a5c598809920bcab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:27:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7351
x-xss-protection: 0
server: cafe
etag: 330450436367057301
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Jun 2022 20:27:16 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame F2F3 0
0 86ms
37ms Image
text/html 2607:f8b0:4006:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT85LQxjODoeFbngoRipml0OuWWC3SjcZLLMdACx22hQpVUWYpabzOOVTmqKYw_qF2eALpJ6-fwWxUDBfuItyhAnuOH7w
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=9911826040&adk=3707071954&adf=665877015&pi=t.ma~as.9911826040&w=728&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724022&bpp=1&bdt=282&idt=560&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=355&ady=1194&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=2UDcjDArcI&p=https%3A//www.onlinethreatalerts.com&dtd=566
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:807::2004 Mullica Hill, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

GET
H2 200 css
fonts.googleapis.com/ Frame 9716 8 KB
1 KB 98ms
38ms Stylesheet
text/css 2607:f8b0:4006:807::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=3175270842&adk=1981524452&adf=3304449892&pi=t.ma~as.3175270842&w=728&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724018&bpp=4&bdt=278&idt=520&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=355&ady=261&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=pcxmjEtr6k&p=https%3A//www.onlinethreatalerts.com&dtd=537

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::200a Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 07 Jun 2022 20:18:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 07 Jun 2022 20:28:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 07 Jun 2022 20:28:45 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/ Frame 9716 2 KB
983 B 44ms
43ms Script
text/javascript 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:27:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Jun 2022 20:27:43 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220606/r20110914/ Frame 9716 21 KB
9 KB 27ms
26ms Script
text/javascript 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220606/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de84e217abb7ead0e28d3175eae9f1187cc9a6ac93de7711c4ca14a118809778

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:22:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 396
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8701
x-xss-protection: 0
server: cafe
etag: 7038200677561849530
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Jun 2022 20:22:09 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/ Frame 9716 3 KB
1 KB 33ms
32ms Script
text/javascript 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:26:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Jun 2022 20:26:29 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9716 138 KB
42 KB 85ms
85ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ff2968fef8c191871ce7f2dab4e5f32b8c372fb605f0b210cf9015843ed859e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:28:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43419
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1654515382487150"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 07 Jun 2022 20:28:45 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/ Frame 9716 17 KB
7 KB 39ms
39ms Script
text/javascript 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4e40cd2f9b3804c4c981db3e8a482687e3a455d780e7b305a5c598809920bcab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:27:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7351
x-xss-protection: 0
server: cafe
etag: 330450436367057301
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Jun 2022 20:27:16 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 9716 0
0 37ms
37ms Image
text/html 2607:f8b0:4006:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR8cNi3wDbizGp6xzl0DkYqf7vZstikDRoxefNasvFXr4nB3nsse7dBko5f0Tf1L2R-xm76SeU3sNTDt0-7Gxys4KrmHQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=3175270842&adk=1981524452&adf=3304449892&pi=t.ma~as.3175270842&w=728&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724018&bpp=4&bdt=278&idt=520&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=355&ady=261&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=pcxmjEtr6k&p=https%3A//www.onlinethreatalerts.com&dtd=537
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:807::2004 Mullica Hill, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

GET
H2 200 1a132ce94651f9fd8f1d4e10540034d5.js Show response
www.gstatic.com/mysidia/ Frame 9716 31 KB
13 KB 71ms
20ms Script
text/javascript 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1a132ce94651f9fd8f1d4e10540034d5.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7de3cdb1a5dffb33bb9662f0fce8d25aa5e49f5d88e3bc2a066f491d5bb3fe7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 04:59:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142169
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13011
x-xss-protection: 0
last-modified: Tue, 31 May 2022 21:35:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 04 Sep 2022 04:59:16 GMT

GET
H3

200

B26984702.324093669;dc_pre=CLStx_uWnPgCFYWmnwodGE4G3A;dc_trk_aid=527335584;dc_trk_cid=163869937;ord=1490919493;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= Show response
ad.doubleclick.net/ddm/trackimp/N5409.274533.ADMOBGOOGLEINC/ Frame 9716
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N5409.274533.ADMOBGOOGLEINC/B26984702.324093669;dc_trk_aid=527335584;dc_trk_cid=163869937;ord=1490919493;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;t...
https://ad.doubleclick.net/ddm/trackimp/N5409.274533.ADMOBGOOGLEINC/B26984702.324093669;dc_pre=CLStx_uWnPgCFYWmnwodGE4G3A;dc_trk_aid=527335584;dc_trk_cid=163869937;ord=1490919493;dc_lat=;dc_rdid=;t...

42 B
63 B

95ms
47ms

Fetch
image/gif

142.251.40.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimp/N5409.274533.ADMOBGOOGLEINC/B26984702.324093669;dc_pre=CLStx_uWnPgCFYWmnwodGE4G3A;dc_trk_aid=527335584;dc_trk_cid=163869937;ord=1490919493;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?

Requested by

Protocol

Server

142.251.40.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:45 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N5409.274533.ADMOBGOOGLEINC/B26984702.324093669;dc_pre=CLStx_uWnPgCFYWmnwodGE4G3A;dc_trk_aid=527335584;dc_trk_cid=163869937;ord=1490919493;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9716 0
0 89ms
88ms Fetch
text/html 2607:f8b0:4006:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CVUNF_LSfYrf6I6KaoPMPxLyN8AaF0ea2arztopjbD4OChsvCARABIN31hB5g_eiigfADoAGh08HvA8gBCakCE0l14e69qj6oAwHIA8sEqgSfAk_QWP7tlGbNWRmiVAEAvMhVRCRbaQoefRqDlYNplW-BkwY6ZlEMVVoTLFcfzjo2mRtwUoo3bbbbOXE4LRO56RopWyFaZKdvBEO5mTSBOLo7I1B47NX3ESN0A25HMD9TvG8XSaq_eBPYgaAIbMl2lJPU2Isek7r5M7r3hwE-EajjfXpZFmmkjfmu2Pdtwo5U59933QDqOk1PIr6SNHxzN3krPwXr07NTXSrOp7KB9TrTlV1pYCjITL7YUqr02ySJyBGBG1Lgx3OyE3qlfc6kA-iyjkUEPp0hrtrmizYj_E-KR6vSNKUeOwgX_lHvOYji7y-_CA7dbqnDEmaH7Vd_tY7UV_I3EOUu5JcTAKZ4Qhn_OGTtjVgDGOK9vb6W8jbnwATT-5zX7AOSBQQIBBgBkgUECAUYBKAGLoAHtuufjwGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBRC69fQB0ggHCIBhEAEYH4AKAcgLAbgTiCfYEw2IFAHQFQGAFwGyFxwKGggAEhRwdWItODc0NjkxMDE4NjUyMjYyNRgA&sigh=TAcOpoeW2u8&uach_m=[UACH]&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=3175270842&adk=1981524452&adf=3304449892&pi=t.ma~as.3175270842&w=728&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724018&bpp=4&bdt=278&idt=520&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=355&ady=261&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=pcxmjEtr6k&p=https%3A//www.onlinethreatalerts.com&dtd=537
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 07 Jun 2022 20:28:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/9803043187098959771/ Frame 9716 14 KB
15 KB 29ms
28ms Image
image/jpeg 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9803043187098959771/downsize_200k_v1?w=400&h=209

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7107bafd4513d5945e1904950ee53f41fa0dde0901a94d8df09cc5e6c7095219

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Sat, 04 Jun 2022 17:26:15 GMT
x-content-type-options: nosniff
age: 270150
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14822
x-xss-protection: 0
last-modified: Mon, 02 May 2022 18:30:22 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 04 Jun 2023 17:26:15 GMT

GET
DATA 200
OK truncated
/ Frame 9716 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 9716 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C427 143 B
163 B 25ms
20ms Document
text/html 2607:f8b0:4006:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=9911826040&adk=3707071954&adf=665877015&pi=t.ma~as.9911826040&w=728&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724022&bpp=1&bdt=282&idt=560&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=355&ady=1194&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=2UDcjDArcI&p=https%3A//www.onlinethreatalerts.com&dtd=566
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 41
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Tue, 07 Jun 2022 20:28:04 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame CCAF 1 KB
749 B 26ms
24ms Document
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 14863
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Jun 2022 16:21:02 GMT
etag: 48472445140208031
expires: Wed, 08 Jun 2022 16:21:02 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F2F3 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 79ccad31dc882b58e309238df1c1d866f8f1395b9370aee3c3c2b9c36f9901f6

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame F2F3 0
20 B 128ms
85ms Other
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COLZjvuWnPgCFVIPcQod9cwF-Q&gqi=_LSfYpWZJdqryQPn87uYDg&layout=/sadbundle/%24csp%253Der3%24/18053640762837540807/index.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 9860 9 KB
3 KB 74ms
24ms Script
text/javascript 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 05:04:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55462
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 08 Jun 2022 05:04:23 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 9860 26 KB
10 KB 76ms
28ms Script
text/javascript 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 22:27:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79299
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 07 Jun 2022 22:27:06 GMT

GET
H3 200 b1fdcde002f69c304804aab912245eed.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/ Frame 9860 81 KB
21 KB 84ms
36ms Script
application/x-javascript 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/b1fdcde002f69c304804aab912245eed.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

046b258dacaafb51f98e58d185645043a52d6d1ca179570ac2b5fd0ca2f650f4

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 6172
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21460
x-xss-protection: 0
last-modified: Thu, 12 May 2022 15:35:50 GMT
server: sffe
date: Tue, 07 Jun 2022 18:45:53 GMT
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 07 Jun 2023 18:45:53 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 6CC7 5 KB
667 B 78ms
34ms Stylesheet
text/css 2607:f8b0:4006:807::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans%3A400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=7085129746&adk=3384180819&adf=2422321695&pi=t.ma~as.7085129746&w=699&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=699x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724024&bpp=1&bdt=284&idt=606&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dfd66a6d275f1ed08-2279f4cfd2d20047%3AT%3D1654633724%3ART%3D1654633724%3AS%3DALNI_MYSQHmxBeBea7UsDSP5aXIwJHfJKA&gpic=UID%3D000005f6e218a414%3AT%3D1654633724%3ART%3D1654633724%3AS%3DALNI_MbXajxRJN6TsqA9wNfkNMJGXy58Ew&prev_fmts=0x0%2C728x280%2C728x280%2C699x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=370&ady=2884&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=fEO0zEAAC8&p=https%3A//www.onlinethreatalerts.com&dtd=613

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::200a Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

efa5f8df07811ca584265a7f3b44e74687496ae792370392f6fec18f4c1ea30f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 07 Jun 2022 20:27:37 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 07 Jun 2022 20:28:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 07 Jun 2022 20:28:45 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/ Frame 6CC7 2 KB
904 B 61ms
46ms Script
text/javascript 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:27:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Jun 2022 20:27:43 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220606/r20110914/ Frame 6CC7 21 KB
9 KB 37ms
23ms Script
text/javascript 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220606/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de84e217abb7ead0e28d3175eae9f1187cc9a6ac93de7711c4ca14a118809778

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:22:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 396
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8701
x-xss-protection: 0
server: cafe
etag: 7038200677561849530
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Jun 2022 20:22:09 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/ Frame 6CC7 3 KB
1 KB 39ms
39ms Script
text/javascript 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:26:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Jun 2022 20:26:29 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6CC7 138 KB
42 KB 90ms
89ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ff2968fef8c191871ce7f2dab4e5f32b8c372fb605f0b210cf9015843ed859e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:28:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43419
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1654515382487150"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 07 Jun 2022 20:28:45 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/ Frame 6CC7 17 KB
7 KB 34ms
21ms Script
text/javascript 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4e40cd2f9b3804c4c981db3e8a482687e3a455d780e7b305a5c598809920bcab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:27:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7351
x-xss-protection: 0
server: cafe
etag: 330450436367057301
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Jun 2022 20:27:16 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 6CC7 0
0 80ms
36ms Image
text/html 2607:f8b0:4006:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSIndcVbxrsq-OFh2-V_Z1Ttt4IU55Qwuqc3GKdp8bvafwGdQKxuK4fbE-QKrXx3fUit1ziumT8Y5slQP6_8ejyTKO8Vw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=7085129746&adk=3384180819&adf=2422321695&pi=t.ma~as.7085129746&w=699&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=699x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724024&bpp=1&bdt=284&idt=606&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dfd66a6d275f1ed08-2279f4cfd2d20047%3AT%3D1654633724%3ART%3D1654633724%3AS%3DALNI_MYSQHmxBeBea7UsDSP5aXIwJHfJKA&gpic=UID%3D000005f6e218a414%3AT%3D1654633724%3ART%3D1654633724%3AS%3DALNI_MbXajxRJN6TsqA9wNfkNMJGXy58Ew&prev_fmts=0x0%2C728x280%2C728x280%2C699x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=370&ady=2884&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=fEO0zEAAC8&p=https%3A//www.onlinethreatalerts.com&dtd=613
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:807::2004 Mullica Hill, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

GET
H3 200 1a132ce94651f9fd8f1d4e10540034d5.js Show response
www.gstatic.com/mysidia/ Frame 6CC7 31 KB
13 KB 61ms
20ms Script
text/javascript 2607:f8b0:4006:822::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1a132ce94651f9fd8f1d4e10540034d5.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2003 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7de3cdb1a5dffb33bb9662f0fce8d25aa5e49f5d88e3bc2a066f491d5bb3fe7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 04:59:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142169
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13011
x-xss-protection: 0
last-modified: Tue, 31 May 2022 21:35:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 04 Sep 2022 04:59:16 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 6CC7 0
0 89ms
89ms Fetch
text/html 2607:f8b0:4006:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C_BQH_LSfYq3rKI69_gTKg6HID6CJ24tq5K2Nk80P-ruM3ZcwEAEg3fWEHmD96KKB8AOgAb2lkNIDyAEBqQIjJU6Pg_OxPqgDAaoEmwJP0LqFfvAXd-BG-9niilPUPGhh4oNceAU6UqjgooYCXTa1m79v6dnu2f7amEAmMX-PRxbLYQ-MZJzkdcgej4UEZQ9dv3iKdHZW3CeV6gprQUs3KNnr4G5B4vTr1qdDk4LXjaGIQq_07iB43-Qt-nzO4AvMhCa29rvCMEhMW78_bXsAqfGLR6ZCtHE8W2wjA1kD61OHI_uHjNmCwy_3yEj3pOA6VJsGarShIXK9vx_W2mlVBws0eRc45mbhP3CPclhFA5Y6fdBcsiOH1jF0LasSV1e3aXexU2Ht860CKsPtVXALk07XiXonscDlw1L5N8U78HFDTfUkD-urwEOdVdozQYX3F66R_NEzZtWQ2ArGUKnugL4eZ5OlYF2qwATGnd-C9wOSBQQIBBgBkgUECAUYBIAHjNLRkAGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDU1UXSCAcIgGEQARgfgAoByAsB2BMM0BUBgBcBshccChoIABIUcHViLTg3NDY5MTAxODY1MjI2MjUYAA&sigh=WRPozNKFqKo&uach_m=[UACH]&template_id=5020

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=7085129746&adk=3384180819&adf=2422321695&pi=t.ma~as.7085129746&w=699&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=699x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724024&bpp=1&bdt=284&idt=606&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dfd66a6d275f1ed08-2279f4cfd2d20047%3AT%3D1654633724%3ART%3D1654633724%3AS%3DALNI_MYSQHmxBeBea7UsDSP5aXIwJHfJKA&gpic=UID%3D000005f6e218a414%3AT%3D1654633724%3ART%3D1654633724%3AS%3DALNI_MbXajxRJN6TsqA9wNfkNMJGXy58Ew&prev_fmts=0x0%2C728x280%2C728x280%2C699x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=370&ady=2884&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=fEO0zEAAC8&p=https%3A//www.onlinethreatalerts.com&dtd=613
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 07 Jun 2022 20:28:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 9716 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 530e29200bf3079a5bc84be0ae94e2a0b01d65ae9375123df55f02d818ebe31c

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame CCAF 35 B
464 B 97ms
25ms Image
image/gif 2620:116:800b:21:f059:4f7e:28a9:1588
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELrFQuJNcU4ypaWFsiotUhQ&google_cver=1&google_push=AYg5qPLrR04hBLYafqccJcnueWsNW4Ea8tPZbW3HEYCNvrB2XzPN87B1o-ES0p0r5gLRlripOB7jvxx6opRXjmmn6TjLcrhEH9Cl

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800b:21:f059:4f7e:28a9:1588 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:45 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CCAF
Redirect Chain

https://beacon.walmart.com/etap.gif?tap=gAds&google_gid=CAESEBQpvG3zcRGTGJ-n5-JRbVc&google_cver=1&google_push=AYg5qPIaTTJ5tvHeWvNJa2GT6g0bcJdDaLOVUvSIQ1YEaRbB6sMAYl0-JAmRB5evB2gqsyAzS_-MVG1q0cXrRoR...
https://cm.g.doubleclick.net/pixel?google_nid=walmart&google_hm=csG5L41XfgU1WhvDR6osNw&tap=gAds&google_gid=CAESEBQpvG3zcRGTGJ-n5-JRbVc&google_cver=1&google_push=AYg5qPIaTTJ5tvHeWvNJa2GT6g0bcJdDaLOV...

170 B
188 B

36ms
36ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=walmart&google_hm=csG5L41XfgU1WhvDR6osNw&tap=gAds&google_gid=CAESEBQpvG3zcRGTGJ-n5-JRbVc&google_cver=1&google_push=AYg5qPIaTTJ5tvHeWvNJa2GT6g0bcJdDaLOVUvSIQ1YEaRbB6sMAYl0-JAmRB5evB2gqsyAzS_-MVG1q0cXrRoR-pcRopadrjCpT

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

strict-transport-security: max-age=7884000; includeSubDomains
via: HTTP/2.0 odnd
last-modified: Tue, 24 May 2022 19:58:11 GMT
date: Tue, 07 Jun 2022 20:28:40 GMT
content-type: text/plain; charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=walmart&google_hm=csG5L41XfgU1WhvDR6osNw&tap=gAds&google_gid=CAESEBQpvG3zcRGTGJ-n5-JRbVc&google_cver=1&google_push=AYg5qPIaTTJ5tvHeWvNJa2GT6g0bcJdDaLOVUvSIQ1YEaRbB6sMAYl0-JAmRB5evB2gqsyAzS_-MVG1q0cXrRoR-pcRopadrjCpT
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
content-length: 0
x-tb: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CCAF
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEJ-wdA5gJaL_NUvhzx0XX10&google_cver=1&google_push=AYg5qPKhRmFP8oElqVGDIuIPlsVYHiDMRlGROXOG-B4OdnCGi48bHWks-h9z94yVoY2XyDSBQYglyUd_BZoz7HIcPNEGRJQrQ0qN
https://rtb.openx.net/sync/dds?google_gid=CAESEJ-wdA5gJaL_NUvhzx0XX10&google_cver=1&google_push=AYg5qPKhRmFP8oElqVGDIuIPlsVYHiDMRlGROXOG-B4OdnCGi48bHWks-h9z94yVoY2XyDSBQYglyUd_BZoz7HIcPNEGRJQrQ0qN&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKhRmFP8oElqVGDIuIPlsVYHiDMRlGROXOG-B4OdnCGi48bHWks-h9z94yVoY2XyDSBQYglyUd_BZoz7HIcPNEGRJQrQ0qN&google_hm=CSGNuRuCxhUDWmO3UBm1Qg==

170 B
188 B

45ms
44ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKhRmFP8oElqVGDIuIPlsVYHiDMRlGROXOG-B4OdnCGi48bHWks-h9z94yVoY2XyDSBQYglyUd_BZoz7HIcPNEGRJQrQ0qN&google_hm=CSGNuRuCxhUDWmO3UBm1Qg==

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:45 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKhRmFP8oElqVGDIuIPlsVYHiDMRlGROXOG-B4OdnCGi48bHWks-h9z94yVoY2XyDSBQYglyUd_BZoz7HIcPNEGRJQrQ0qN&google_hm=CSGNuRuCxhUDWmO3UBm1Qg==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-request-id: bi16076onoq8k3u0sk6otkaokt05nip6

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CCAF
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=QfiyMth2SxekDmlJHbi-Hw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

40ms
40ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=QfiyMth2SxekDmlJHbi-Hw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLqlbifrg0OPTQaK0hWrd-hB6revdwN7Yu7Xc4NJSA1A99mjmnjWyvAzuf81ptO-KB7k1_GagaJLNzbTnEjgOJXAk0YnbU

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=QfiyMth2SxekDmlJHbi-Hw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLqlbifrg0OPTQaK0hWrd-hB6revdwN7Yu7Xc4NJSA1A99mjmnjWyvAzuf81ptO-KB7k1_GagaJLNzbTnEjgOJXAk0YnbU
date: Tue, 07 Jun 2022 20:28:45 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CCAF
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEo6woao2nu8SVaT-_U4Hgg&google_cver=1&google_push=AYg5qPKixB5k3iqrgM2RK6zOpUBKHSZd1t99SQokkP2rHOFNfLMB2GtlQZgQLMlYfCXVzymoyAg...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDQ0TTc1VFQtVy1DRDRC&google_push=AYg5qPKixB5k3iqrgM2RK6zOpUBKHSZd1t99SQokkP2rHOFNfLMB2GtlQZgQLMlYfCXVzymoyAgIiowJtUehzlPnpJtjDagalrk

170 B
188 B

79ms
37ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDQ0TTc1VFQtVy1DRDRC&google_push=AYg5qPKixB5k3iqrgM2RK6zOpUBKHSZd1t99SQokkP2rHOFNfLMB2GtlQZgQLMlYfCXVzymoyAgIiowJtUehzlPnpJtjDagalrk

Requested by

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDQ0TTc1VFQtVy1DRDRC&google_push=AYg5qPKixB5k3iqrgM2RK6zOpUBKHSZd1t99SQokkP2rHOFNfLMB2GtlQZgQLMlYfCXVzymoyAgIiowJtUehzlPnpJtjDagalrk
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 8eb2d9eeed9b9c468975d0ba24565e5b
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CCAF
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEEj1Bz1Gm_BnDCGWbM27VQA&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEEj1Bz1Gm_BnDCGWbM27VQA&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yp-0_U_N5VgpX23pa3mscwAAAiUAAAIB&google_push=AYg5qPI4dUZWao-EzBfMf3gARBsbslsYVWijUcSUgzEItbEQqGjJVDlzLqBFxFJKgDGIPJJw4cO3mopraKiiAMn9tj...

170 B
188 B

37ms
36ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yp-0_U_N5VgpX23pa3mscwAAAiUAAAIB&google_push=AYg5qPI4dUZWao-EzBfMf3gARBsbslsYVWijUcSUgzEItbEQqGjJVDlzLqBFxFJKgDGIPJJw4cO3mopraKiiAMn9tjzUXrXlXJA&google_gid=CAESEEj1Bz1Gm_BnDCGWbM27VQA&google_cver=1

Requested by

Host: www.onlinethreatalerts.com
URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 07 Jun 2022 20:28:45 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yp-0_U_N5VgpX23pa3mscwAAAiUAAAIB&google_push=AYg5qPI4dUZWao-EzBfMf3gARBsbslsYVWijUcSUgzEItbEQqGjJVDlzLqBFxFJKgDGIPJJw4cO3mopraKiiAMn9tjzUXrXlXJA&google_gid=CAESEEj1Bz1Gm_BnDCGWbM27VQA&google_cver=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 459
Expires: Tue, 07 Jun 2022 20:28:45 GMT

GET
H2 200 trk
ag.innovid.com/ Frame CCAF 43 B
296 B 376ms
33ms Image
image/gif 2600:1f16:b8a:8e02:82e6:f9c9:6ed6:87f4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEDT5vEKNd7AmacQOW74_VhE&google_cver=1&google_push=AYg5qPKyDM69WZS0IQOW1_yzDkdo0l0Z5FNel0UPaXf0zFuoPbf7yg81-PMTs0FVWr9w8fWU4by9UGcWEm_y9usvqDQJ69EYaH7L
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=3175270842&adk=1981524452&adf=3304449892&pi=t.ma~as.3175270842&w=728&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724018&bpp=4&bdt=278&idt=520&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=355&ady=261&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=pcxmjEtr6k&p=https%3A//www.onlinethreatalerts.com&dtd=537
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f16:b8a:8e02:82e6:f9c9:6ed6:87f4 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:46 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 1
expires: -1

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame CCAF 0
232 B 87ms
33ms Image
text/html 142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KACzIGD3dvmsglzFOfQ-xfh-yc5o0R9WJQNMkzg0SXIx8HA3NqoQrIhGrhL_s15vg_OpWl

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:28:45 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C427
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

40ms
39ms

Document
text/html

2607:f8b0:4006:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 07 Jun 2022 20:28:45 GMT
expires: Tue, 07 Jun 2022 20:28:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 07 Jun 2022 20:28:45 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 9716 28 KB
28 KB 70ms
20ms Font
font/woff2 2607:f8b0:4006:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2003 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 20:34:36 GMT
x-content-type-options: nosniff
age: 518049
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Jun 2023 20:34:36 GMT

GET
DATA 200
OK truncated
/ Frame 6CC7 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4d7e6c7733f6d4dbdc1da2a3aeb2eb51447e6ea1b56ce9ff049e0d0774195d1e

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A492 143 B
163 B 21ms
19ms Document
text/html 2607:f8b0:4006:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=7085129746&adk=3384180819&adf=2422321695&pi=t.ma~as.7085129746&w=699&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=699x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724024&bpp=1&bdt=284&idt=606&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dfd66a6d275f1ed08-2279f4cfd2d20047%3AT%3D1654633724%3ART%3D1654633724%3AS%3DALNI_MYSQHmxBeBea7UsDSP5aXIwJHfJKA&gpic=UID%3D000005f6e218a414%3AT%3D1654633724%3ART%3D1654633724%3AS%3DALNI_MbXajxRJN6TsqA9wNfkNMJGXy58Ew&prev_fmts=0x0%2C728x280%2C728x280%2C699x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=370&ady=2884&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=fEO0zEAAC8&p=https%3A//www.onlinethreatalerts.com&dtd=613
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 41
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Tue, 07 Jun 2022 20:28:04 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E0B6 1 KB
749 B 23ms
22ms Document
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 14863
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Jun 2022 16:21:02 GMT
etag: 48472445140208031
expires: Wed, 08 Jun 2022 16:21:02 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 9860 4 KB
594 B 40ms
37ms Stylesheet
text/css 2607:f8b0:4006:807::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700|Roboto:900

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/b1fdcde002f69c304804aab912245eed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::200a Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

80e498438e934eb29a3200d9c942f9b38067fda5fbf64fc1a63c1fa66741b581

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 07 Jun 2022 20:28:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 07 Jun 2022 20:28:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 07 Jun 2022 20:28:45 GMT

GET
H3 200 c356d68f5b7fef7b4409217d50a66b7e.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/media/ Frame 9860 43 KB
43 KB 22ms
19ms Image
image/jpeg 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/media/c356d68f5b7fef7b4409217d50a66b7e.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f680a40b063c5c5a4bff2d39ec55b7129d2916268c2888e806ebdd3b4c9c59a0

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 6172
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43867
x-xss-protection: 0
last-modified: Thu, 12 May 2022 15:35:50 GMT
server: sffe
date: Tue, 07 Jun 2022 18:45:53 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 07 Jun 2023 18:45:53 GMT

GET
H3 200 e1a1ae33dba7085f49d6c3b51e33e215.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/media/ Frame 9860 10 KB
10 KB 28ms
25ms Image
image/png 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/media/e1a1ae33dba7085f49d6c3b51e33e215.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

264fca0835cd84b5acd639c412638143d3600939d138c0a998057f1234f2ffcf

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 519683
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10281
x-xss-protection: 0
last-modified: Thu, 12 May 2022 15:35:50 GMT
server: sffe
date: Wed, 01 Jun 2022 20:07:22 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 01 Jun 2023 20:07:22 GMT

GET
H3 200 093640a6e81d85311bed688a0ac67531.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/media/ Frame 9860 4 KB
4 KB 30ms
28ms Image
image/png 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/media/093640a6e81d85311bed688a0ac67531.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/18053640762837540807/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

501474be0b36a3ce009b45a09ed7bd075063ccb26e8a4a5af8e624dfe73681c1

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 6172
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4445
x-xss-protection: 0
last-modified: Thu, 12 May 2022 15:35:50 GMT
server: sffe
date: Tue, 07 Jun 2022 18:45:53 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 07 Jun 2023 18:45:53 GMT

GET
DATA 200
OK truncated
/ Frame 6CC7 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b78a91fcf472627ef755cc7633095a3c7a45713780c72222e75e60bdee8cf0f1

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v29/ Frame 6CC7 44 KB
44 KB 63ms
20ms Font
font/woff2 2607:f8b0:4006:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v29/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%20Sans%3A400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2003 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 19:32:38 GMT
x-content-type-options: nosniff
age: 521767
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44800
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Jun 2023 19:32:38 GMT

GET
H3 200 fitY9DN5Eb8XnEderF92e3R8KkCh_qe_gU10Y1cTXMc.js Show response
pagead2.googlesyndication.com/bg/ Frame 1F5B 36 KB
14 KB 22ms
21ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/fitY9DN5Eb8XnEderF92e3R8KkCh_qe_gU10Y1cTXMc.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e2b58f4337911bf179c475eac5f767b747c2a40a1fea7bf814d746357135cc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Thu, 02 Jun 2022 19:27:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 435675
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13889
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 02 Jun 2023 19:27:30 GMT

GET
H3 200 KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 9860 15 KB
15 KB 23ms
22ms Font
font/woff2 2607:f8b0:4006:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700|Roboto:900

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2003 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 19:32:22 GMT
x-content-type-options: nosniff
age: 521783
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15752
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Jun 2023 19:32:22 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 9860 15 KB
16 KB 31ms
29ms Font
font/woff2 2607:f8b0:4006:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700|Roboto:900

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2003 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 19:31:57 GMT
x-content-type-options: nosniff
age: 521808
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Jun 2023 19:31:57 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E0B6
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEMOG2a9O_xv-G9D-gCQIJ0&google_cver=1&google_push=AYg5qPIYHRlqEBpM0BDPT9cBpHH-9R7fMEd87oxyn3fZSJhQ-vgLrbLh2U...
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=B765081F39B1F7&google_push=AYg5qPIYHRlqEBpM0BDPT9cBpHH-9R7fMEd87oxyn3fZSJhQ-vgLrbLh2UncP3KgMAj7KKHnQGRwHX4UZxmqF9HLDLufy5ix5w&google_hm=SenrYdRF...

170 B
188 B

38ms
38ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=B765081F39B1F7&google_push=AYg5qPIYHRlqEBpM0BDPT9cBpHH-9R7fMEd87oxyn3fZSJhQ-vgLrbLh2UncP3KgMAj7KKHnQGRwHX4UZxmqF9HLDLufy5ix5w&google_hm=SenrYdRFarzRQztLGZXfyg

Requested by

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=B765081F39B1F7&google_push=AYg5qPIYHRlqEBpM0BDPT9cBpHH-9R7fMEd87oxyn3fZSJhQ-vgLrbLh2UncP3KgMAj7KKHnQGRwHX4UZxmqF9HLDLufy5ix5w&google_hm=SenrYdRFarzRQztLGZXfyg
pragma: no-cache
date: Tue, 07 Jun 2022 20:28:45 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E0B6
Redirect Chain

https://beacon.walmart.com/etap.gif?tap=gAds&google_gid=CAESEOFYYMBeFZkCTtNT8jm2DDQ&google_cver=1&google_push=AYg5qPKFrMZMgHtbr1zMMyN-4_kdHTMTwLuo0-umbJGdpu4RdkeIkXCanOR0rYM0C2SQbBt5ziInH_u5Sa6v3Jh...
https://cm.g.doubleclick.net/pixel?google_nid=walmart&google_hm=dr6_NzGYfLXMxbunR_Q-f8&tap=gAds&google_gid=CAESEOFYYMBeFZkCTtNT8jm2DDQ&google_cver=1&google_push=AYg5qPKFrMZMgHtbr1zMMyN-4_kdHTMTwLuo...

170 B
188 B

38ms
38ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=walmart&google_hm=dr6_NzGYfLXMxbunR_Q-f8&tap=gAds&google_gid=CAESEOFYYMBeFZkCTtNT8jm2DDQ&google_cver=1&google_push=AYg5qPKFrMZMgHtbr1zMMyN-4_kdHTMTwLuo0-umbJGdpu4RdkeIkXCanOR0rYM0C2SQbBt5ziInH_u5Sa6v3Jh31CnjDITWh_Y

Requested by

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

strict-transport-security: max-age=7884000; includeSubDomains
via: HTTP/2.0 odnd
last-modified: Tue, 24 May 2022 19:58:11 GMT
date: Tue, 07 Jun 2022 20:28:40 GMT
content-type: text/plain; charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=walmart&google_hm=dr6_NzGYfLXMxbunR_Q-f8&tap=gAds&google_gid=CAESEOFYYMBeFZkCTtNT8jm2DDQ&google_cver=1&google_push=AYg5qPKFrMZMgHtbr1zMMyN-4_kdHTMTwLuo0-umbJGdpu4RdkeIkXCanOR0rYM0C2SQbBt5ziInH_u5Sa6v3Jh31CnjDITWh_Y
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
content-length: 0
x-tb: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E0B6
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=QfiyMth2SxekDmlJHbi-Hw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

38ms
37ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=QfiyMth2SxekDmlJHbi-Hw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLux3ra7c9I8KkD6OKxuXtzfsoetxA6OUt4w2V6aU2P2t-ipPM_tsysROYcRZiaRg6BOqyUYO6KtqZ8lJFmOFCHeQvAwS4

Requested by

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=QfiyMth2SxekDmlJHbi-Hw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLux3ra7c9I8KkD6OKxuXtzfsoetxA6OUt4w2V6aU2P2t-ipPM_tsysROYcRZiaRg6BOqyUYO6KtqZ8lJFmOFCHeQvAwS4
date: Tue, 07 Jun 2022 20:28:45 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E0B6
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIC6_k6mKDZM_lM0KkxDxUY&google_cver=1&google_push=AYg5qPLvIO5brdAXa2XbYbGbAh5_P2WQ9ndyAIeV7Pj-dJqh1_uRA-pc2Eiz3azz5YUsQyMo-IE...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDQ0TTc1WVYtWC03RDBP&google_push=AYg5qPLvIO5brdAXa2XbYbGbAh5_P2WQ9ndyAIeV7Pj-dJqh1_uRA-pc2Eiz3azz5YUsQyMo-IEQfq4mVT770jCLeza3kOdGQZw

170 B
188 B

36ms
36ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDQ0TTc1WVYtWC03RDBP&google_push=AYg5qPLvIO5brdAXa2XbYbGbAh5_P2WQ9ndyAIeV7Pj-dJqh1_uRA-pc2Eiz3azz5YUsQyMo-IEQfq4mVT770jCLeza3kOdGQZw

Requested by

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDQ0TTc1WVYtWC03RDBP&google_push=AYg5qPLvIO5brdAXa2XbYbGbAh5_P2WQ9ndyAIeV7Pj-dJqh1_uRA-pc2Eiz3azz5YUsQyMo-IEQfq4mVT770jCLeza3kOdGQZw
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: c3b5432477546c086cd062707f625a76
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E0B6
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEIJFEWFYuGyjbpsOQURzN3s&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yp-0_U_N5VgpX23pa3mscwAAAiUAAAIB&google_cver=1&google_gid=CAESEIJFEWFYuGyjbpsOQURzN3s&google_push=AYg5qPJeDCi8Tai577fD_IRJX364Yund2qbw1...

170 B
188 B

38ms
38ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yp-0_U_N5VgpX23pa3mscwAAAiUAAAIB&google_cver=1&google_gid=CAESEIJFEWFYuGyjbpsOQURzN3s&google_push=AYg5qPJeDCi8Tai577fD_IRJX364Yund2qbw1Z_WKSED4iXcRQ1A4kFJ9COCIJ7Ak9PJ-raNnwvPWX4p8jhFCp5t9aT4NN98sg

Requested by

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 07 Jun 2022 20:28:45 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yp-0_U_N5VgpX23pa3mscwAAAiUAAAIB&google_cver=1&google_gid=CAESEIJFEWFYuGyjbpsOQURzN3s&google_push=AYg5qPJeDCi8Tai577fD_IRJX364Yund2qbw1Z_WKSED4iXcRQ1A4kFJ9COCIJ7Ak9PJ-raNnwvPWX4p8jhFCp5t9aT4NN98sg
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 458
Expires: Tue, 07 Jun 2022 20:28:45 GMT

GET
H2 200 trk
ag.innovid.com/ Frame E0B6 43 B
295 B 122ms
34ms Image
image/gif 2600:1f16:b8a:8e02:82e6:f9c9:6ed6:87f4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESENdLU9ioziAu7qZnxYcvQ_I&google_cver=1&google_push=AYg5qPIgMQ97c_0OAEaV8SRBVIP0DhipRC6xY-EGaUx8xQGD3z08Rr--Zc_DAHHyLNskBb6AkORTzkID4gGsuf65jBRu2xpoRIk
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=7085129746&adk=3384180819&adf=2422321695&pi=t.ma~as.7085129746&w=699&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=699x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724024&bpp=1&bdt=284&idt=606&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dfd66a6d275f1ed08-2279f4cfd2d20047%3AT%3D1654633724%3ART%3D1654633724%3AS%3DALNI_MYSQHmxBeBea7UsDSP5aXIwJHfJKA&gpic=UID%3D000005f6e218a414%3AT%3D1654633724%3ART%3D1654633724%3AS%3DALNI_MbXajxRJN6TsqA9wNfkNMJGXy58Ew&prev_fmts=0x0%2C728x280%2C728x280%2C699x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=370&ady=2884&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=fEO0zEAAC8&p=https%3A//www.onlinethreatalerts.com&dtd=613
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f16:b8a:8e02:82e6:f9c9:6ed6:87f4 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:46 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 1
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E0B6
Redirect Chain

https://cc.adingo.jp/adx/push/?google_gid=CAESEH7XCIjSegi5_mkCDyEbT90&google_cver=1&google_push=AYg5qPKOs_WM8S2oOiRope4Qm4jlgsxs31iIqMZHBo-w4S_DwlKn46-u-ZP-i-xBEWVXFFTCa4pKFiHBL7gChO81Dar5ryOFihk
https://cm.g.doubleclick.net/pixel?google_nid=fluct_eb&google_push=AYg5qPKOs_WM8S2oOiRope4Qm4jlgsxs31iIqMZHBo-w4S_DwlKn46-u-ZP-i-xBEWVXFFTCa4pKFiHBL7gChO81Dar5ryOFihk&google_hm=3e072a9d346d2d9209da...

170 B
188 B

37ms
36ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=fluct_eb&google_push=AYg5qPKOs_WM8S2oOiRope4Qm4jlgsxs31iIqMZHBo-w4S_DwlKn46-u-ZP-i-xBEWVXFFTCa4pKFiHBL7gChO81Dar5ryOFihk&google_hm=3e072a9d346d2d9209da14bd6654c5d3

Requested by

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=fluct_eb&google_push=AYg5qPKOs_WM8S2oOiRope4Qm4jlgsxs31iIqMZHBo-w4S_DwlKn46-u-ZP-i-xBEWVXFFTCa4pKFiHBL7gChO81Dar5ryOFihk&google_hm=3e072a9d346d2d9209da14bd6654c5d3
date: Tue, 07 Jun 2022 20:28:46 GMT
server: nginx
content-type: text/html; charset=UTF-8
p3p: CP=NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa HISa OUR SAMa OTRa STP UNI STA

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E0B6 0
12 B 41ms
34ms Image
text/html 142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JJOuS-i4hNyB1MkfIsdpiFlibADroZ-48t1tpuzcftwRUbXoZNf3fZrpzclOmnEwLs16ig

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:28:45 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A492
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

38ms
37ms

Document
text/html

2607:f8b0:4006:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 07 Jun 2022 20:28:46 GMT
expires: Tue, 07 Jun 2022 20:28:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 07 Jun 2022 20:28:45 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 5081847995751192152
tpc.googlesyndication.com/simgad/ Frame CA32 32 KB
32 KB 23ms
21ms Image
image/png 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5081847995751192152?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkCANxncJtVJOZZtg_2pPYaHfLbPQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=6277945241&adk=1090081780&adf=2106144157&pi=t.ma~as.6277945241&w=699&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=699x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724023&bpp=1&bdt=283&idt=582&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280%2C728x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=370&ady=2202&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=BZO7ygZ9L9&p=https%3A//www.onlinethreatalerts.com&dtd=592

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fbc555fedf94b403ab86849e10805289960519d2470c2acd72a1b7c04630da75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Fri, 03 Jun 2022 15:31:46 GMT
x-content-type-options: nosniff
age: 363419
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32478
x-xss-protection: 0
last-modified: Fri, 03 Jun 2022 14:23:58 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 03 Jun 2023 15:31:46 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220606/r20110914/ Frame CA32 21 KB
9 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220606/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de84e217abb7ead0e28d3175eae9f1187cc9a6ac93de7711c4ca14a118809778

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:22:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 396
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8701
x-xss-protection: 0
server: cafe
etag: 7038200677561849530
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Jun 2022 20:22:09 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/ Frame CA32 3 KB
1 KB 21ms
19ms Script
text/javascript 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:26:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 137
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Jun 2022 20:26:29 GMT

GET
H3 200 transparent.png
tpc.googlesyndication.com/pagead/images/ Frame CA32 67 B
95 B 22ms
21ms Image
image/png 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/transparent.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 01:09:44 GMT
x-content-type-options: nosniff
server: cafe
age: 69542
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 2462972746714251406
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67
x-xss-protection: 0
expires: Wed, 08 Jun 2022 01:09:44 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CA32 138 KB
42 KB 43ms
42ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ff2968fef8c191871ce7f2dab4e5f32b8c372fb605f0b210cf9015843ed859e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43419
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1654515382487150"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 07 Jun 2022 20:28:46 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/ Frame CA32 17 KB
7 KB 20ms
19ms Script
text/javascript 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4e40cd2f9b3804c4c981db3e8a482687e3a455d780e7b305a5c598809920bcab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:27:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 90
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7351
x-xss-protection: 0
server: cafe
etag: 330450436367057301
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 21 Jun 2022 20:27:16 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame CA32 0
0 38ms
37ms Image
text/html 2607:f8b0:4006:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSifuFidXCy0rZQfqe0h6p5Gl2_mnJJb0vFCun-R0T8-bZ8OFHoLL39eB-UKvaxkcyRj0gnNfjwJBWyBgiM063VZwDrtw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=6277945241&adk=1090081780&adf=2106144157&pi=t.ma~as.6277945241&w=699&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=699x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724023&bpp=1&bdt=283&idt=582&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280%2C728x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=370&ady=2202&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=BZO7ygZ9L9&p=https%3A//www.onlinethreatalerts.com&dtd=592
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:807::2004 Mullica Hill, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

GET
H3 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/ Frame CA32 32 KB
13 KB 22ms
21ms Script
text/javascript 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220606/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7b5f7a8738cea026482ec8051f74700313fcc9be6b210be1a45dd86bfc3d93d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 21:18:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83440
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13073
x-xss-protection: 0
server: cafe
etag: 17118480071107141432
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Jun 2022 21:18:06 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame CA32 0
0 91ms
90ms Fetch
text/html 2607:f8b0:4006:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CWKNj_LSfYvrEJ6SMoPMPxvCg-AyC0v2bZ7zaooiAENqVsu6ZDhABIN31hB5g_eiigfADoAHV1pb-A8gBAqkC3iL3u2TDqj6oAwHIA8kEqgSZAk_QP392GTgT_dLqAS9HFChbxZvE6PAGIiRVh-3Wz1uJxL3uEskPpWKxvVyjsDQ7J_f4DbCGbR-0VVSy22cZyKCqbOvzQ4B7M3z9ZjoC2yTvQYNWljy_i5OFTxzT1UYGlC4ivaaupX1-e0ehhvqU3E-T9D9B7TaCxw5vgyjBbVGBh_xQ72Quq-xXNJBU7ciq3FhNZVhwCi5yrgOgWWsxcCBI3df_vj0BYMHEawJK4wOjpCyWMqkILVkDlfXL5yTgZ7HZ8tefFzNCgmgQYXodRZ3qsoKjHG_2SAmkVm2Karw6wd-l5QqeW3xNhhwbXlWc-vAgZbwNBAmL8QoaPe8dFwtxwXXM3K5ycCjmXdvTxEXl2EO30ndmgtrnwATl6OuR9gKSBQQIBBgBkgUECAUYBKAGAoAHk6npAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEELPXGdIIDwiAYRABGB8yAooCOgKAQIAKAcgLAdgTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi04NzQ2OTEwMTg2NTIyNjI1GAA&sigh=SXNg5VsxZdU&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=6277945241&adk=1090081780&adf=2106144157&pi=t.ma~as.6277945241&w=699&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=699x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724023&bpp=1&bdt=283&idt=582&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280%2C728x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=370&ady=2202&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=BZO7ygZ9L9&p=https%3A//www.onlinethreatalerts.com&dtd=592
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 07 Jun 2022 20:28:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 fitY9DN5Eb8XnEderF92e3R8KkCh_qe_gU10Y1cTXMc.js Show response
pagead2.googlesyndication.com/bg/ Frame 9860 36 KB
14 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/fitY9DN5Eb8XnEderF92e3R8KkCh_qe_gU10Y1cTXMc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e2b58f4337911bf179c475eac5f767b747c2a40a1fea7bf814d746357135cc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Thu, 02 Jun 2022 19:27:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 435676
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13889
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 02 Jun 2023 19:27:30 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7603 143 B
163 B 25ms
21ms Document
text/html 2607:f8b0:4006:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=6277945241&adk=1090081780&adf=2106144157&pi=t.ma~as.6277945241&w=699&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=699x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724023&bpp=1&bdt=283&idt=582&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280%2C728x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=370&ady=2202&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=BZO7ygZ9L9&p=https%3A//www.onlinethreatalerts.com&dtd=592
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 42
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Tue, 07 Jun 2022 20:28:04 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3719 1 KB
749 B 25ms
23ms Document
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 14864
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Jun 2022 16:21:02 GMT
etag: 48472445140208031
expires: Wed, 08 Jun 2022 16:21:02 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame CA32 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d516ed3fdd3897f251319a930aaf691ad719450ceb7ef1fd856bcbf7a19e3d5e

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3719
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEAsNhpcPNRN97v-jjCNerrM&google_cver=1&google_push=AYg5qPKNXDUFO0mnIsaG1EaBjE3GaqMBtd2wXPVcdjFVUVKarsV_blOcaQ...
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=B765081F39B1F7&google_push=AYg5qPKNXDUFO0mnIsaG1EaBjE3GaqMBtd2wXPVcdjFVUVKarsV_blOcaQ3p0S4S8Bw75-I1cfA-hdYZUE8m4KWfD-TUZq-vG989wpoTJwJUesqjJP5tB...

170 B
188 B

42ms
37ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=B765081F39B1F7&google_push=AYg5qPKNXDUFO0mnIsaG1EaBjE3GaqMBtd2wXPVcdjFVUVKarsV_blOcaQ3p0S4S8Bw75-I1cfA-hdYZUE8m4KWfD-TUZq-vG989wpoTJwJUesqjJP5tBtTQfsV7AMkAFqJ0ng6UEjKf1jA&google_hm=SenrYdRFarzRQztLGZXfyg

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=B765081F39B1F7&google_push=AYg5qPKNXDUFO0mnIsaG1EaBjE3GaqMBtd2wXPVcdjFVUVKarsV_blOcaQ3p0S4S8Bw75-I1cfA-hdYZUE8m4KWfD-TUZq-vG989wpoTJwJUesqjJP5tBtTQfsV7AMkAFqJ0ng6UEjKf1jA&google_hm=SenrYdRFarzRQztLGZXfyg
pragma: no-cache
date: Tue, 07 Jun 2022 20:28:46 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3719
Redirect Chain

https://odr.mookie1.com/t/v2/sync?tagid=V2_4530&src.visitorid=CAESEPxFY7XYPYDIcv-TYqlX48k&google_cver=1&google_push=AYg5qPKQJO8KKVcUmqxFj2yAVa8FapO5V1kab5ZGEHZnJH04HpiQsIiDZKErZx7r3582znjErNssnCIfN...
https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dev_dmp&google_push=AYg5qPKQJO8KKVcUmqxFj2yAVa8FapO5V1kab5ZGEHZnJH04HpiQsIiDZKErZx7r3582znjErNssnCIfNbFicdzEMDATCUtbEDT4wXM_VMZKRglkSLUc7l-u4mwdi...

170 B
188 B

36ms
35ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dev_dmp&google_push=AYg5qPKQJO8KKVcUmqxFj2yAVa8FapO5V1kab5ZGEHZnJH04HpiQsIiDZKErZx7r3582znjErNssnCIfNbFicdzEMDATCUtbEDT4wXM_VMZKRglkSLUc7l-u4mwdi_3kifGDVkFig0ksva4&google_hm=MTA1OTUzNTE0NDU5NDY2MTU3MTE

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:46 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
location: https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dev_dmp&google_push=AYg5qPKQJO8KKVcUmqxFj2yAVa8FapO5V1kab5ZGEHZnJH04HpiQsIiDZKErZx7r3582znjErNssnCIfNbFicdzEMDATCUtbEDT4wXM_VMZKRglkSLUc7l-u4mwdi_3kifGDVkFig0ksva4&google_hm=MTA1OTUzNTE0NDU5NDY2MTU3MTE
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3719
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEIJFt-r02CRRZABmBMYHIos&google_cver=1&google_push=AYg5qPJ2PmzPm4rYQPw8fPe1KR2rygdFHh6acbvgx1oIvbvdK4sx8uuHAiWREmQy4i1UtzmQd3b66i7QNJt5hGWa73n-j8VOTZ41t...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJ2PmzPm4rYQPw8fPe1KR2rygdFHh6acbvgx1oIvbvdK4sx8uuHAiWREmQy4i1UtzmQd3b66i7QNJt5hGWa73n-j8VOTZ41toN6LHaow6ECiOJKk8W1JNfKDE8S-tOBW2...

170 B
188 B

55ms
54ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJ2PmzPm4rYQPw8fPe1KR2rygdFHh6acbvgx1oIvbvdK4sx8uuHAiWREmQy4i1UtzmQd3b66i7QNJt5hGWa73n-j8VOTZ41toN6LHaow6ECiOJKk8W1JNfKDE8S-tOBW2b9L5arMTA&google_hm=CSGNuRuCxhUDWmO3UBm1Qg==

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:45 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJ2PmzPm4rYQPw8fPe1KR2rygdFHh6acbvgx1oIvbvdK4sx8uuHAiWREmQy4i1UtzmQd3b66i7QNJt5hGWa73n-j8VOTZ41toN6LHaow6ECiOJKk8W1JNfKDE8S-tOBW2b9L5arMTA&google_hm=CSGNuRuCxhUDWmO3UBm1Qg==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-request-id: deonvgs7qiuscpp8n50t28pgtvtgrruq

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3719
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEGVkXp46HuEekjGeJpA_cf4&google_cver=1&google_push=AYg5qPLal1mvvbyhXhyvPecDqVr6WwHOo4mA7kRbzi8Xzi2R9IMUHkNyDsoC7jQkjMvHTmvK9mN...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDQ0TTc2N0stOS1DVFFU&google_push=AYg5qPLal1mvvbyhXhyvPecDqVr6WwHOo4mA7kRbzi8Xzi2R9IMUHkNyDsoC7jQkjMvHTmvK9mN7g3B_2KwubUP_SB1hY9xjqYOtUrgoZ...

170 B
188 B

38ms
37ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDQ0TTc2N0stOS1DVFFU&google_push=AYg5qPLal1mvvbyhXhyvPecDqVr6WwHOo4mA7kRbzi8Xzi2R9IMUHkNyDsoC7jQkjMvHTmvK9mN7g3B_2KwubUP_SB1hY9xjqYOtUrgoZvB_Sovjxhvj4Z1hsgnNdZnkWTxotqfTulqqWzI

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDQ0TTc2N0stOS1DVFFU&google_push=AYg5qPLal1mvvbyhXhyvPecDqVr6WwHOo4mA7kRbzi8Xzi2R9IMUHkNyDsoC7jQkjMvHTmvK9mN7g3B_2KwubUP_SB1hY9xjqYOtUrgoZvB_Sovjxhvj4Z1hsgnNdZnkWTxotqfTulqqWzI
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: d3682eda7e5cb79782b1d5475f50e8fc
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3719
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPTUPXHNR78wZWIoIa5nISs&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yp-0_U_N5VgpX23pa3mscwAAAiUAAAIB&google_push=AYg5qPIshnatvGrTw0GPL3f1iNb7v0g3zyvj2rIiNWxExn5JaMiEu4xuty2iQJV9sGxKK0J3qrOOHtpiLhc-2d1GwZ...

170 B
188 B

48ms
48ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yp-0_U_N5VgpX23pa3mscwAAAiUAAAIB&google_push=AYg5qPIshnatvGrTw0GPL3f1iNb7v0g3zyvj2rIiNWxExn5JaMiEu4xuty2iQJV9sGxKK0J3qrOOHtpiLhc-2d1GwZyNqrKIVsngrXF44wgloQuQ8ZoVuGdsT6h2x-vTss4iMCBsQMH1img&google_gid=CAESEPTUPXHNR78wZWIoIa5nISs&google_cver=1

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 07 Jun 2022 20:28:46 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yp-0_U_N5VgpX23pa3mscwAAAiUAAAIB&google_push=AYg5qPIshnatvGrTw0GPL3f1iNb7v0g3zyvj2rIiNWxExn5JaMiEu4xuty2iQJV9sGxKK0J3qrOOHtpiLhc-2d1GwZyNqrKIVsngrXF44wgloQuQ8ZoVuGdsT6h2x-vTss4iMCBsQMH1img&google_gid=CAESEPTUPXHNR78wZWIoIa5nISs&google_cver=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 503
Expires: Tue, 07 Jun 2022 20:28:46 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3719
Redirect Chain

https://ag.innovid.com/trk?tid=11711&google_gid=CAESEA8Sw4ZOIvlJ1yTg-Y_qs-U&google_cver=1&google_push=AYg5qPIY_gG5wuBQW-QhIkZQiYPKx7vZS_JZzy2kloEUGyiCMrK2hpDuKKyVCKi6P037ZPPC22MEmBGwPWzavoC5VBsE1jL...
https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPIY_gG5wuBQW-QhIkZQiYPKx7vZS_JZzy2kloEUGyiCMrK2hpDuKKyVCKi6P037ZPPC22MEmBGwPWzavoC5VBsE1jL9WFGDta0YlmvVH2n2z0r8HbBfOhOY0oz...

170 B
188 B

54ms
54ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPIY_gG5wuBQW-QhIkZQiYPKx7vZS_JZzy2kloEUGyiCMrK2hpDuKKyVCKi6P037ZPPC22MEmBGwPWzavoC5VBsE1jL9WFGDta0YlmvVH2n2z0r8HbBfOhOY0ozxpnsIRF1MLXQdEMU&google_hm=C65CoroFQXyHj12nrjCKWg

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPIY_gG5wuBQW-QhIkZQiYPKx7vZS_JZzy2kloEUGyiCMrK2hpDuKKyVCKi6P037ZPPC22MEmBGwPWzavoC5VBsE1jL9WFGDta0YlmvVH2n2z0r8HbBfOhOY0ozxpnsIRF1MLXQdEMU&google_hm=C65CoroFQXyHj12nrjCKWg
pragma: no-cache
date: Tue, 07 Jun 2022 20:28:46 GMT
cache-control: no-cache
content-length: 0
request-time: 1
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3719
Redirect Chain

https://cc.adingo.jp/adx/push/?google_gid=CAESEAKCi9t6lshHsrpaY8rpZl4&google_cver=1&google_push=AYg5qPIY7oxpvdYYn1_4D3umchebkJ0x30rbb59Icx8MfzVJZ9sY7BvaEVp0jfuu47dBLm66MEQRxxmevB3yOln4gjwPF_uARZ_XX...
https://cm.g.doubleclick.net/pixel?google_nid=fluct_eb&google_push=AYg5qPIY7oxpvdYYn1_4D3umchebkJ0x30rbb59Icx8MfzVJZ9sY7BvaEVp0jfuu47dBLm66MEQRxxmevB3yOln4gjwPF_uARZ_XXlr_rmzyudsXTG8A5PjGSoB20j01vr...

170 B
188 B

61ms
61ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=fluct_eb&google_push=AYg5qPIY7oxpvdYYn1_4D3umchebkJ0x30rbb59Icx8MfzVJZ9sY7BvaEVp0jfuu47dBLm66MEQRxxmevB3yOln4gjwPF_uARZ_XXlr_rmzyudsXTG8A5PjGSoB20j01vrYbUqcwwbaSprY&google_hm=3e072a9d346d2d9209da14bd6654c5d3

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=fluct_eb&google_push=AYg5qPIY7oxpvdYYn1_4D3umchebkJ0x30rbb59Icx8MfzVJZ9sY7BvaEVp0jfuu47dBLm66MEQRxxmevB3yOln4gjwPF_uARZ_XXlr_rmzyudsXTG8A5PjGSoB20j01vrYbUqcwwbaSprY&google_hm=3e072a9d346d2d9209da14bd6654c5d3
date: Tue, 07 Jun 2022 20:28:46 GMT
server: nginx
content-type: text/html; charset=UTF-8
p3p: CP=NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa HISa OUR SAMa OTRa STP UNI STA

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 3719 0
12 B 36ms
35ms Image
text/html 142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J6bwsgKIX5Xm4w5pcLsyRzWiQqeeGg_UjkX_bhXTRbYHEJSoIMuZiDnANt5og-uymV-AgH

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:28:46 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 43ms
42ms XHR
application/json 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220602&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206020101/show_ads_impl_fy2019.js?bust=31067908

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b8021f9e7e820c5b7ce92d011e93494f3360f253e2bd212ab7f373432e8c6531

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 07 Jun 2022 20:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10586
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7603
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

37ms
36ms

Document
text/html

2607:f8b0:4006:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 07 Jun 2022 20:28:46 GMT
expires: Tue, 07 Jun 2022 20:28:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 07 Jun 2022 20:28:46 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 fitY9DN5Eb8XnEderF92e3R8KkCh_qe_gU10Y1cTXMc.js Show response
pagead2.googlesyndication.com/bg/ Frame 120C 36 KB
14 KB 23ms
22ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/fitY9DN5Eb8XnEderF92e3R8KkCh_qe_gU10Y1cTXMc.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e2b58f4337911bf179c475eac5f767b747c2a40a1fea7bf814d746357135cc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Thu, 02 Jun 2022 19:27:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 435676
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13889
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 02 Jun 2023 19:27:30 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 42ms
42ms Script
text/javascript 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206020101/show_ads_impl_fy2019.js?bust=31067908

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 07 Jun 2022 20:28:46 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A00E 13 KB
5 KB 20ms
19ms Document
text/html 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onlinethreatalerts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 50608
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 07 Jun 2022 06:25:18 GMT
expires: Wed, 07 Jun 2023 06:25:18 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame BCC0 783 B
534 B 40ms
39ms Document
text/html 2607:f8b0:4006:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2004 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f8f5712db1b5ee579f5a9d824dac4329aed4d9d7683fc24d7225b537d9e4e87b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-kcff9-rn8BMYVbKnCekfAQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onlinethreatalerts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-kcff9-rn8BMYVbKnCekfAQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 07 Jun 2022 20:28:46 GMT
expires: Tue, 07 Jun 2022 20:28:46 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 b_DSvT5BjDf3L7mXasT585du80JYgOthzDrRF7aJqH4.js Show response
pagead2.googlesyndication.com/bg/ Frame A00E 36 KB
14 KB 21ms
21ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b_DSvT5BjDf3L7mXasT585du80JYgOthzDrRF7aJqH4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ff0d2bd3e418c37f72fb9976ac4f9f3976ef3425880eb61cc3ad117b689a87e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 06 Jun 2022 04:59:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 142167
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13882
x-xss-protection: 0
last-modified: Tue, 24 May 2022 10:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 06 Jun 2023 04:59:19 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame BCC0 0
0 87ms
86ms Image
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220602&jk=3703245962492014&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80d::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A00E 0
10 B 21ms
19ms Image
text/plain 2607:f8b0:4006:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?dFoh9Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:807::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 07 Jun 2022 20:28:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9716 42 B
64 B 88ms
87ms Fetch
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssidvJK-gtUcrrAeT-c6vhEhgHuP_Rw3k2kUmXmvLtoTnHx3KK0d3BmmCY4TjDeHg2x3UzU1Brf0kJovRq6VcNF0KlMPo8RVOOeBhAiO6_OPK5LAxyy4rSiyQ&sai=AMfl-YR2t2B0-vKVo4w6uaWfN_8U14eRH-JxhmDxCagdr5sVOqLDx7tXXr2vMdJzcZtiBV1yN67adiLGyDDklHoleCxMitb24QkNt5E&sig=Cg0ArKJSzCGifAiGdypLEAE&cid=CAASFeRoP8OyCnmAFD3LIED6WpqcqqAeXw&id=lidar2&mcvt=1000&p=0,0,280,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220606&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1981524452&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1654633724557&rpt=1272&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Jun 2022 20:28:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 92ms
91ms Image
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220602&jk=3703245962492014&bg=!hIelh8PNAAao8wy8iPM7ACkAdvg8WrGvm_X7U7TZcLM23kdJB2vErZb98DfMjZNetadyhUVjWAdlIgIAAACQUgAAAAJoAQcKABqoEtJKTwqkAryObWiM-vuMVAghJdcRPCDLMJkCsOg8cBIV54I_aK0a-g63a7paKpdSQquDfhFVLrzff7jNlMxTlhuqsvoRvG90ujjyzDSlHYGCU_G65e6WRVwsZbp8EQrvmhnYhuuMEATehk9PFOnL1nmhzISXJglUJ4PKSeovrWgG3245bpIxT8EkiMTMKwvpFruWDYD1Aax3CMH-HAo_OUiv-Wc8fUTFM8Iw3d3M21ZmSLCliXIe56GKF8msTXXCXMmnzx8N9VUYL5ypGwt2qHWwVbvjnpJixewJy1okW8sVZv5Kgkbp0WEAbyAFINfwlFWx2B6aJrq9QuKdbq0S2cjKcRtt69BPDwwfZYtwOli22IM4Grh55o2e_cFmNhy1NAcS77SVFipJb09h8MKPusjFe8gYIMi9v-bkdxaCSMsY75gRCd13TzHPx_aBCU0rxrSkZkXbYfo7WIUsE0Eae4TVNYJrAvQ5tqDz9-pixlScuNvjxie1icHHaCd53NR7GULbenEE_nTa0bVO-tLu8qaDLvJatKkVOTHuWZuYMW2K-jKVBjx-pmFY_3MpP4krDwmW3Z7NG1Si2gZQCBBo-tzBfWP9kGLtMtXsEMgYbUrBM7CBw01YjR-sONZHbrj7OFtw1yxPdJVQwvx6wl4Gle2qF3xeYyLswvbNdYLNJ26L6emeyl0mbZByuO_V6gff2i140cQAeBt5fVtxzJTPCvroDmHvLdsPJrb9hfUfAMOCuakuwFG_dazH9MOFJpnyuty_Qw_wTMO9RBFeqmUPoAxUjZbo0aAJqcU50PWFYrKOYAejUwngFE5f4p7vCp32OThsrEZtOSF16adhJFIWcoxK3M0bdCsnYii1Tl2ZsN-Vr-JKbySCY2DQrgEjHbtD8nBMgZZvOKRs8mrx7oWSs6G_v_QULEv_5qDM2I2mrtpOqirvcdKbEmKFVxM
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80d::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.onlinethreatalerts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

100 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

24 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.onlinethreatalerts.com/	1969-12-31 23:59:59	Name: cookiep Value: 0
www.onlinethreatalerts.com/	1969-12-31 23:59:59	Name: cokATOMsgIndex Value: 1
.onlinethreatalerts.com/	1970-01-20 21:08:25	Name: _ga Value: GA1.2.1824504506.1654633724
.onlinethreatalerts.com/	1970-01-20 03:38:40	Name: _gid Value: GA1.2.1083471455.1654633724
.onlinethreatalerts.com/	1970-01-20 03:37:15	Name: __cf_bm Value: kqmgFWqUMu9gPGdtZtOvLjJ343vgqEQGoMSdGkHIN3o-1654633724-0-AXqVuLMK9chObzIVuMnYrcv+d1fiI1EQoVchx+HulR6XJT5qW2cHOVVhTvhDfszTrvaMVbpo5zDgXNnGvkPlRjP/G37jSXPtv/rKE/yXHG1G+16JeAXw38lzwyxxBLla6g==
.onlinethreatalerts.com/	1970-01-20 03:37:13	Name: _gat Value: 1
.onlinethreatalerts.com/	1970-01-20 12:58:49	Name: __gads Value: ID=fd66a6d275f1ed08-2279f4cfd2d20047:T=1654633724:RT=1654633724:S=ALNI_MYSQHmxBeBea7UsDSP5aXIwJHfJKA
.onlinethreatalerts.com/	1970-01-20 12:58:49	Name: __gpi Value: UID=000005f6e218a414:T=1654633724:RT=1654633724:S=ALNI_MbXajxRJN6TsqA9wNfkNMJGXy58Ew
.pubmatic.com/	1970-01-20 03:38:40	Name: KTPCACOOKIE Value: YES
.quantserve.com/	1970-01-20 05:46:49	Name: d Value: EBcBCQGpJoEA
.quantserve.com/	1970-01-20 13:07:28	Name: mc Value: 629fb4fd-b857a-92de8-32b65
.casalemedia.com/	1970-01-20 12:22:49	Name: CMID Value: Yp.0-U-N5VgpX23pa3mscwAA
.casalemedia.com/	1970-01-20 05:46:49	Name: CMPS Value: 465
.openx.net/	1970-01-20 12:22:49	Name: i Value: 05db38dc-1b83-40cc-bff8-e7e8e727bc05\|1654633725
.doubleclick.net/	1970-01-20 03:37:17	Name: DSID Value: NO_DATA
.pubmatic.com/	1970-01-20 05:46:49	Name: KADUSERCOOKIE Value: 41F8B232-D876-4B17-A40E-69491DB8BE1F
.casalemedia.com/	1970-01-20 05:46:49	Name: CMPRO Value: 549
.doubleclick.net/	1970-01-20 21:08:25	Name: IDE Value: AHWqTUl6kuzt3ub7suiU8GPIk7Mx8ds1YyzCHBEnPZ4N3ceQQ7CvS3Xq1i5auF6sGw4
.adingo.jp/	1970-01-20 04:20:25	Name: ID Value: 3e072a9d346d2d9209da14bd6654c5d3
.innovid.com/	1970-01-20 05:46:49	Name: uuid Value: 0bae42a2-ba05-417c-878f-5da7ae308a5a-20220607 16:28:46
.casalemedia.com/	1970-01-20 03:38:40	Name: CMST Value: Yp+0-WKftP4A
.mookie1.com/	1970-01-20 13:06:01	Name: id Value: 10595351445946615711
.mookie1.com/	1970-01-20 13:06:01	Name: mdata Value: 1\|10595351445946615711\|1654633726310
.mookie1.com/	1970-01-20 13:06:01	Name: ov Value: b216ea0b1ebff3b781db529e9557e141

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.onlinethreatalerts.com/article/2022/4/24/wp20-ru-scam-and-web-browser-hijacker/ Message: A preload for 'https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8746910186522625' is found, but is not used because the request credentials mode does not match. Consider taking a look at crossorigin attribute.
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=9911826040&adk=3707071954&adf=665877015&pi=t.ma~as.9911826040&w=728&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724022&bpp=1&bdt=282&idt=560&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=355&ady=1194&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=2UDcjDArcI&p=https%3A//www.onlinethreatalerts.com&dtd=566 Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/18053640762837540807/index.html".
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8746910186522625&output=html&h=280&slotname=9911826040&adk=3707071954&adf=665877015&pi=t.ma~as.9911826040&w=728&fwrn=4&fwrnh=100&lmt=1654633646&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Fwww.onlinethreatalerts.com%2Farticle%2F2022%2F4%2F24%2Fwp20-ru-scam-and-web-browser-hijacker%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1654633724022&bpp=1&bdt=282&idt=560&shv=r20220602&mjsv=m202206020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280&nras=1&correlator=5537290061779&frm=20&pv=1&ga_vid=1824504506.1654633724&ga_sid=1654633724&ga_hid=1371702267&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=355&ady=1194&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761044%2C31067768%2C31067908&oid=2&pvsid=3703245962492014&pem=417&tmod=964425352&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=2UDcjDArcI&p=https%3A//www.onlinethreatalerts.com&dtd=566 Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/18053640762837540807/index.html".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
adservice.google.ca
adservice.google.com
ag.innovid.com
ajax.googleapis.com
beacon.walmart.com
cc.adingo.jp
cm.g.doubleclick.net
cms.quantserve.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
image6.pubmatic.com
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
rtb.openx.net
ssum-sec.casalemedia.com
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.onlinethreatalerts.com
13.88.42.153
142.251.40.134
142.251.40.162
142.251.40.98
23.52.162.21
2600:1f16:b8a:8e02:82e6:f9c9:6ed6:87f4
2606:4700:20::ac43:4561
2607:f8b0:4006:807::2001
2607:f8b0:4006:807::2002
2607:f8b0:4006:807::2004
2607:f8b0:4006:807::200a
2607:f8b0:4006:80c::2002
2607:f8b0:4006:80c::2003
2607:f8b0:4006:80d::2002
2607:f8b0:4006:822::2003
2607:f8b0:4006:823::200a
2607:f8b0:4006:823::200e
2620:116:800b:21:f059:4f7e:28a9:1588
3.219.79.180
35.190.90.30
35.227.252.103
69.173.151.100
8.28.7.81
010516b60e81fc07a29a71bb26d46baac0ce95ffa96dabee9c6c9705a2850fc8
03b2edc4d48a8ca76b952bbc00c55e609bd7ce4c01b83082092fbdbe15563931
03d15b9e3e184d6e4d9cc634f951303997e4cf013f2628318f7a32c7bd0244b7
046b258dacaafb51f98e58d185645043a52d6d1ca179570ac2b5fd0ca2f650f4
065a89f1a38bad549e06c85bbb71f115fb67ab246f46c87deb10adc8193969a1
0850c9fbd79b69e041c2e95534115e9746072d6265c55959f5a868151090995d
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
1020ca0ce637cc575f000ef742853a80a06f3c1ef7b5e22f03611642a8f7e1da
12fcda11548ceebd4afafa30de0b1cd97e0531562f0f2b98700e30995d2bb73b
1750433970c4c042361fe9684224ad496ba567615e90a246f9337d601bc65665
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1d82b790d4583053b0d6a516ad22250ded08e30bff47f1a9d34e15f16551e2a3
1fbadb6e6b9eede62f4d1e1a7fab708cc6f0f5c94e70ec6870265a192f5979e9
247f97bd99f312ee870d9d4655f944c8673e5f45a415691639c7b77a27db0cdb
264fca0835cd84b5acd639c412638143d3600939d138c0a998057f1234f2ffcf
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2b6e42c27b740d3dec7b414398be286c288993f71bbb5ca1cce31363ec48e206
4120b7fce0fbcbe2f21d26b7cdd074d4127112fda06f3681d9ec5ac1666003b8
41f7038cf1a00188555bd08200d86c7664b4aa808c0fb5a2ab6f41e2f86cac3a
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
4d7e6c7733f6d4dbdc1da2a3aeb2eb51447e6ea1b56ce9ff049e0d0774195d1e
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e40cd2f9b3804c4c981db3e8a482687e3a455d780e7b305a5c598809920bcab
4f9cab651230363b4bd0c15334a9c704c88e0c5c7f6bf4368bdc5a523861a1ef
4ff2968fef8c191871ce7f2dab4e5f32b8c372fb605f0b210cf9015843ed859e
501474be0b36a3ce009b45a09ed7bd075063ccb26e8a4a5af8e624dfe73681c1
505539f22072c9e74b5561871b7d869f698f5aecc485ee8401361221da07a2a9
50c195edff2c8c9944af3830cba4ab12703eec7b9ad620ac79aeac75ec41d472
521655d843f587981dec2ef8e15cd210dd5e59997c0c9eab002584201a305bb7
530e29200bf3079a5bc84be0ae94e2a0b01d65ae9375123df55f02d818ebe31c
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
589eb9a634b35b62b29e04e3723c4f22ace208b07e859d3ac301cddb8860e3e8
5d4fa8c57949648365ce572fa8f31571c21182249ecae96efc66ad4226de1460
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6741ad4b2964bd3350dcf3b5d023dafba66148c779b5886b9d034ed6d06707f1
6b974ee1c8b03b378ab989f5fd39494a02a6ef9a25c30ee3171b12d4906f80d8
6c8f75c838d1a6c14fafa79017d12c956ef8fa044f29f3a7d493eac7cab497bb
6ff0d2bd3e418c37f72fb9976ac4f9f3976ef3425880eb61cc3ad117b689a87e
70d381118eb433ce51b122922987546d48eec40439ed294b0bd7f55973533dae
7107bafd4513d5945e1904950ee53f41fa0dde0901a94d8df09cc5e6c7095219
74a0e734491cd1a08c7a71c29494811000e0836532e9f5f39c387f282381a230
78b77e328b39675a285d5ad6bb39e03bdcd1a6d848c3f29bea54a325bbdc990d
79ccad31dc882b58e309238df1c1d866f8f1395b9370aee3c3c2b9c36f9901f6
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
7b5f7a8738cea026482ec8051f74700313fcc9be6b210be1a45dd86bfc3d93d7
7de3cdb1a5dffb33bb9662f0fce8d25aa5e49f5d88e3bc2a066f491d5bb3fe7d
7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e
7e2b58f4337911bf179c475eac5f767b747c2a40a1fea7bf814d746357135cc7
7ebc9ecc1629a15c1554c268206f9e111b232dba30efc3383b3399710e1e02be
80e498438e934eb29a3200d9c942f9b38067fda5fbf64fc1a63c1fa66741b581
861f488fdaf1a72fcf444007e0504611737b85e5a40087655b5a2495d83e863e
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
94dccd578b83d4cc15c2ce4708dda82cc3d18cc879c0bc35f704ec16d6a684a7
97dd175890151cee0a20afccc16e7a9800d7901b32b39afbd4322f10d4b10884
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0
aa8d4b558de7afe632b763e79e0dbf75cd7b92fba5df4ca26f8d984ed3cdc196
b101c3e945a1e7205ae542e5e34809d52d8872f253d0f502f9e34c06843791ea
b64a03359b8489ed74a41fd09a96c939f7b56ac147fbabd99d1729f047fc5fc6
b78a91fcf472627ef755cc7633095a3c7a45713780c72222e75e60bdee8cf0f1
b8021f9e7e820c5b7ce92d011e93494f3360f253e2bd212ab7f373432e8c6531
bb7582e45027f2c11a220c398f86511f458c1ba89f9495de176e91d950261e5b
bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66
c3c035cf65a2bcd4d757457f3efd5bc403b7d616ff5ede17eea8085c0d45a82c
c797c72116853874925b0693b8b9000b9e30ecb9e10c6823e6c8eda1612805ed
ca6d94c2b2dba5c07fa22b35fd59b14722eebfb4a7274c15ae952dd55d03fcae
d516ed3fdd3897f251319a930aaf691ad719450ceb7ef1fd856bcbf7a19e3d5e
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d98c2375ed3e73466e1058a38c4b028ce16101b059c901a3573905ffc0b33343
db3985c4d5ae08ac22f3958d29da53f4edcd150439f74c668074c65ea0981da6
de84e217abb7ead0e28d3175eae9f1187cc9a6ac93de7711c4ca14a118809778
e0432688fc68bf749004301ffa03b49d255cc56df23d894427406675412e99bd
e116e51405949ccc5cd74cef9aa6c9037f470dca91dcb53da73b8dc9c52b0dd7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4583c68394a82a2c60ecf0cd3e16dc58f19c2401690fd6e59cdd4fe010140c6
e4e31caa859cd53e7b62f23806b429c7ce6357150d3ef928f0c72c6ea18cc35d
e5f7a7f505c29175e09f91880a7d5d7f2d2fcefd76b1012e9b9df8e2b880d191
e6e30b0b689458dd1d0c051d01260b19ea24f76aee2d8f184e1de1d6df995638
e9c6431003ee60854b54cad131fbdcf4ff7ce05ebc013006efdb8dba7946292b
ee7d0307fd888125fa8a18741234f63250126033857b385dbd7e5f803134f59d
ee86b68a7ce0077ad39a472d290d35700737a225eb0e234adec53b9799cb55bf
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efa5f8df07811ca584265a7f3b44e74687496ae792370392f6fec18f4c1ea30f
f2f829301ac3314e48bb47fa95e5971ac00d55756937935822482ece2ca143ac
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f680a40b063c5c5a4bff2d39ec55b7129d2916268c2888e806ebdd3b4c9c59a0
f8f5712db1b5ee579f5a9d824dac4329aed4d9d7683fc24d7225b537d9e4e87b
fbc555fedf94b403ab86849e10805289960519d2470c2acd72a1b7c04630da75
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

www.onlinethreatalerts.com Open in urlscan Pro 2606:4700:20::ac43:4561 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

150 Requests

87 %HTTPS

57 %IPv6

19 Domains

25 Subdomains

17 IPs

1 Countries

1361 kBTransfer

3038 kBSize

24 Cookies

5 Outgoing links

Redirected requests

150 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.onlinethreatalerts.com Open in urlscan Pro
2606:4700:20::ac43:4561 Public Scan

Screenshot
Live screenshot

Full Image

150
Requests

87 %
HTTPS

57 %
IPv6

19
Domains

25
Subdomains

17
IPs

1
Countries

1361 kB
Transfer

3038 kB
Size

24
Cookies

150 HTTP transactions
7 data transactions