thehackernews.com Open in urlscan Pro
2606:4700:20::681a:161 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Submission: On June 27 via api (June 27th 2022, 7:07:44 am UTC) from GB — Scanned from GB

Summary HTTP 267 Redirects Links 35 Behaviour Indicators

Summary

This website contacted 57 IPs in 8 countries across 67 domains to perform 267 HTTP transactions. The main IP is 2606:4700:20::681a:161, located in United States and belongs to CLOUDFLARENET, US. The main domain is thehackernews.com. The Cisco Umbrella rank of the primary domain is 178901.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 1st 2022. Valid for: a year.

This is the only time thehackernews.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	2606:4700:20:... 2606:4700:20::681a:161	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:440... 2606:4700:4400::ac40:99f7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (STACKPATH...) (STACKPATH-CDN)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
29	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
4	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
4	143.204.93.3 143.204.93.3	16509 (AMAZON-02) (AMAZON-02)
5	23.97.225.52 23.97.225.52	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
21	2a00:1450:401... 2a00:1450:4014:80a::2002	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:7eb1:3826:be7e:d981	16509 (AMAZON-02) (AMAZON-02)
2 4	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
10	63.35.4.196 63.35.4.196	16509 (AMAZON-02) (AMAZON-02)
2	216.52.2.48 216.52.2.48	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1 2	147.75.85.234 147.75.85.234	54825 (PACKET) (PACKET)
1	34.107.148.139 34.107.148.139	15169 (GOOGLE) (GOOGLE)
1	2a02:fa8:8806... 2a02:fa8:8806:13::1460	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1	178.250.0.165 178.250.0.165	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3 7	185.33.220.240 185.33.220.240	29990 (ASN-APPNEX) (ASN-APPNEX)
3	2606:4700:10:... 2606:4700:10::6816:36ce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.192.170.39 18.192.170.39	16509 (AMAZON-02) (AMAZON-02)
1	2602:803:c003... 2602:803:c003:200::21	26667 (RUBICONPR...) (RUBICONPROJECT)
4	35.156.141.29 35.156.141.29	16509 (AMAZON-02) (AMAZON-02)
4	51.75.86.98 51.75.86.98	16276 (OVH) (OVH)
2	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1	2.18.232.7 2.18.232.7	16625 (AKAMAI-AS) (AKAMAI-AS)
2	52.30.242.212 52.30.242.212	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:215... 2600:9000:2156:2200:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
4 6	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:806::2001	15169 (GOOGLE) (GOOGLE)
2	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4 13	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
2 5	104.18.19.126 104.18.19.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a00:1450:400... 2a00:1450:4001:829::2006	15169 (GOOGLE) (GOOGLE)
1	2a02:fa8:8806... 2a02:fa8:8806:20::2010	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	169.50.137.182 169.50.137.182	36351 (SOFTLAYER) (SOFTLAYER)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	213.155.156.167 213.155.156.167	1299 (TWELVE99 ...) (TWELVE99 Arelion)
2 2	70.42.32.191 70.42.32.191	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1 3	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
6	15.197.193.217 15.197.193.217	() ()
2	52.222.214.44 52.222.214.44	() ()
1	2620:1ec:40::45 2620:1ec:40::45	() ()
2	104.92.74.8 104.92.74.8	() ()
1	151.101.129.108 151.101.129.108	() ()
3	184.87.212.214 184.87.212.214	() ()
1	2.18.235.93 2.18.235.93	() ()
1	52.213.153.112 52.213.153.112	() ()
1	185.86.139.93 185.86.139.93	() ()
2 2	216.52.2.30 216.52.2.30	() ()
3 3	213.19.147.44 213.19.147.44	() ()
1 1	193.0.160.128 193.0.160.128	() ()
4 4	18.156.0.31 18.156.0.31	() ()
1	2a05:d018:d29... 2a05:d018:d29:3602:68f1:8fce:a96f:e71c	() ()
267	57

12 2606:4700:20::681a:161 (United States)

ASN13335 (CLOUDFLARENET, US)

thehackernews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::ac40:99f7 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.adpushup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 143.204.93.3 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-93-3.fra50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.97.225.52 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

e3.adpushup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4014:80a::2002 (Ireland)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:7eb1:3826:be7e:d981 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638::1c (France) 2 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 63.35.4.196 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-35-4-196.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.48 (United States)

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 147.75.85.234 (Schiphol, Netherlands) 1 redirects

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.148.139 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 139.148.107.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1460 (Singapore)

ASN41041 (VCLK-EU-SE, US)

web.hb.ad.cpe.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.33.220.240 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::6816:36ce (United States)

ASN13335 (CLOUDFLARENET, US)

i.connectad.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.connectad.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync-eu.connectad.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.192.170.39 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-192-170-39.eu-central-1.compute.amazonaws.com

prebid-server.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2602:803:c003:200::21 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.156.141.29 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-141-29.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 51.75.86.98 (France)

ASN16276 (OVH, FR)
PTR: ip98.ip-51-75-86.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

adpushup-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.232.7 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-7.deploy.static.akamaitechnologies.com

a.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.30.242.212 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-242-212.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:2200:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.185.194 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.18.19.126 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:829::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:20::2010 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.50.137.182 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: b6.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.167 (Uppsala, Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)
PTR: 213-155-156-167.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.191 (United States) 2 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.165 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 15.197.193.217 (None, )

ASN- ()

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.222.214.44 (None, )

ASN- ()

cdn.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:40::45 (None, )

ASN- ()

public.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.92.74.8 (None, )

ASN- ()

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.108 (None, )

ASN- ()

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.87.212.214 (None, )

ASN- ()

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.93 (None, )

ASN- ()

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.213.153.112 (None, )

ASN- ()

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.93 (None, )

ASN- ()

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.30 (None, ) 2 redirects

ASN- ()

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.44 (None, ) 3 redirects

ASN- ()

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.128 (None, ) 1 redirects

ASN- ()

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.156.0.31 (None, ) 4 redirects

ASN- ()

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3602:68f1:8fce:a96f:e71c (None, )

ASN- ()

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
57	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 120 tpc.googlesyndication.com — Cisco Umbrella Rank: 160 f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com	564 KB
38	doubleclick.net 4 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 209 googleads.g.doubleclick.net — Cisco Umbrella Rank: 54 cm.g.doubleclick.net — Cisco Umbrella Rank: 205 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 287	339 KB
12	thehackernews.com thehackernews.com — Cisco Umbrella Rank: 178901	427 KB
11	servenobid.com ads.servenobid.com — Cisco Umbrella Rank: 2138 public.servenobid.com	8 KB
9	gstatic.com www.gstatic.com fonts.gstatic.com	73 KB
9	google.com 4 redirects adservice.google.com — Cisco Umbrella Rank: 92 www.google.com — Cisco Umbrella Rank: 8	2 KB
8	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 244 acdn.adnxs.com secure.adnxs.com Failed	23 KB
8	criteo.com 2 redirects gum.criteo.com — Cisco Umbrella Rank: 391 mug.criteo.com — Cisco Umbrella Rank: 2727 bidder.criteo.com — Cisco Umbrella Rank: 744	9 KB
8	adpushup.com cdn.adpushup.com — Cisco Umbrella Rank: 12422 e3.adpushup.com — Cisco Umbrella Rank: 15960	222 KB
7	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 276	129 KB
7	rubiconproject.com 1 redirects prebid-server.rubiconproject.com — Cisco Umbrella Rank: 1040 fastlane.rubiconproject.com — Cisco Umbrella Rank: 528 pixel.rubiconproject.com — Cisco Umbrella Rank: 336 eus.rubiconproject.com	13 KB
6	adsrvr.org match.adsrvr.org	2 KB
5	yahoo.com 4 redirects ups.analytics.yahoo.com pr-bh.ybp.yahoo.com Failed	954 B
5	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 608 ssum-sec.casalemedia.com	5 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 179	212 KB
4	onetag-sys.com onetag-sys.com — Cisco Umbrella Rank: 820	402 B
4	sharethrough.com btlr.sharethrough.com — Cisco Umbrella Rank: 1299	457 B
4	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 660 ce.lijit.com	2 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 327 aax-eu.amazon-adsystem.com Failed s.amazon-adsystem.com Failed	42 KB
3	1rx.io 3 redirects sync.1rx.io	2 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 71	3 KB
3	google.co.uk adservice.google.co.uk — Cisco Umbrella Rank: 4608	1 KB
3	pubmatic.com hbopenbid.pubmatic.com Failed ads.pubmatic.com image6.pubmatic.com Failed	18 KB
3	connectad.io i.connectad.io — Cisco Umbrella Rank: 6911 cdn.connectad.io sync-eu.connectad.io	1 KB
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 534	1 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4852	726 B
2	criteo.net static.criteo.net — Cisco Umbrella Rank: 606	57 KB
2	yieldmo.com ads.yieldmo.com — Cisco Umbrella Rank: 670	260 B
2	openx.net adpushup-d.openx.net — Cisco Umbrella Rank: 13411 u.openx.net	472 B
2	dotomi.com web.hb.ad.cpe.dotomi.com — Cisco Umbrella Rank: 1878 dclk-match.dotomi.com — Cisco Umbrella Rank: 2942	503 B
2	media.net prebid.media.net — Cisco Umbrella Rank: 1342 contextual.media.net	9 KB
2	a-mo.net 1 redirects prebid.a-mo.net — Cisco Umbrella Rank: 1220	414 B
2	districtm.io dmx.districtm.io Failed cdn.districtm.io	4 KB
2	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 1029 pixel.quantserve.com — Cisco Umbrella Rank: 443	10 KB
1	rfihub.com 1 redirects p.rfihub.com	735 B
1	smartadserver.com ssbsync.smartadserver.com rtb-csync.smartadserver.com Failed	1 KB
1	gumgum.com g2.gumgum.com usersync.gumgum.com Failed	2 KB
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 12943	556 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 851	708 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 867	649 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 991	344 B
1	teads.tv a.teads.tv — Cisco Umbrella Rank: 1237	249 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 429	2 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 231	28 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 630	30 KB
0	adform.net Failed c1.adform.net Failed
0	adgrx.com Failed cm.adgrx.com Failed
0	turn.com Failed ad.turn.com Failed
0	creativecdn.com Failed creativecdn.com Failed
0	socdm.com Failed tg.socdm.com Failed
0	emxdgt.com Failed cs.emxdgt.com Failed
0	everesttech.net Failed sync-tm.everesttech.net Failed
0	mathtag.com Failed sync.mathtag.com Failed
0	contextweb.com Failed bh.contextweb.com Failed
0	360yield.com Failed ad.360yield.com Failed
0	bluekai.com Failed stags.bluekai.com Failed
0	deepintent.com Failed match.deepintent.com Failed
0	technoratimedia.com Failed sync.technoratimedia.com Failed
0	ipredictive.com Failed sync.ipredictive.com Failed
0	stackadapt.com Failed sync.srv.stackadapt.com Failed
0	outbrain.com Failed sync.outbrain.com Failed
0	bidswitch.net Failed x.bidswitch.net Failed
0	linkedin.com Failed px.ads.linkedin.com Failed
0	disqus.com Failed ssp.disqus.com Failed
0	resetdigital.co Failed sync2.resetdigital.co Failed
0	sonobi.com Failed sync.go.sonobi.com Failed
0	yieldlift.com Failed x.yieldlift.com Failed
267	67

	Domain	Requested by
29	pagead2.googlesyndication.com	thehackernews.com pagead2.googlesyndication.com tpc.googlesyndication.com www.gstatic.com googleads.g.doubleclick.net www.googletagservices.com f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
26	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
19	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com thehackernews.com
13	cm.g.doubleclick.net	4 redirects googleads.g.doubleclick.net f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com g2.gumgum.com ssum-sec.casalemedia.com
12	thehackernews.com	thehackernews.com
10	ads.servenobid.com	cdn.adpushup.com public.servenobid.com g2.gumgum.com ssum-sec.casalemedia.com ssbsync.smartadserver.com
8	www.gstatic.com	googleads.g.doubleclick.net
7	s0.2mdn.net	thehackernews.com s0.2mdn.net
7	ib.adnxs.com	3 redirects cdn.adpushup.com googleads.g.doubleclick.net acdn.adnxs.com
6	match.adsrvr.org	cdn.adpushup.com public.servenobid.com g2.gumgum.com ssum-sec.casalemedia.com ssbsync.smartadserver.com
6	www.google.com	4 redirects tpc.googlesyndication.com f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
5	www.googletagservices.com	googleads.g.doubleclick.net f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
5	e3.adpushup.com
4	ups.analytics.yahoo.com	4 redirects
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net ssum-sec.casalemedia.com
4	onetag-sys.com	cdn.adpushup.com public.servenobid.com
4	btlr.sharethrough.com	cdn.adpushup.com
4	gum.criteo.com	2 redirects static.criteo.net
4	c.amazon-adsystem.com	cdn.adpushup.com c.amazon-adsystem.com
4	securepubads.g.doubleclick.net	cdn.adpushup.com securepubads.g.doubleclick.net
3	sync.1rx.io	3 redirects
3	ads.pubmatic.com	cdn.adpushup.com public.servenobid.com g2.gumgum.com
3	pixel.rubiconproject.com	1 redirects public.servenobid.com
3	fonts.googleapis.com	googleads.g.doubleclick.net
3	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
3	adservice.google.co.uk	pagead2.googlesyndication.com securepubads.g.doubleclick.net
3	mug.criteo.com
3	cdn.adpushup.com	thehackernews.com cdn.adpushup.com
2	ce.lijit.com	2 redirects
2	eus.rubiconproject.com	cdn.adpushup.com eus.rubiconproject.com g2.gumgum.com
2	cdn.districtm.io	cdn.adpushup.com cdn.districtm.io
2	googleads4.g.doubleclick.net	thehackernews.com
2	b1sync.zemanta.com	2 redirects
2	d5p.de17a.com	2 redirects
2	static.criteo.net	cdn.adpushup.com static.criteo.net
2	f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	ads.yieldmo.com	cdn.adpushup.com f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
2	prebid.a-mo.net	1 redirects cdn.adpushup.com
2	ap.lijit.com	cdn.adpushup.com public.servenobid.com
1	pr-bh.ybp.yahoo.com	ssum-sec.casalemedia.com
1	p.rfihub.com	1 redirects
1	ssum-sec.casalemedia.com	public.servenobid.com
1	ssbsync.smartadserver.com	public.servenobid.com g2.gumgum.com
1	g2.gumgum.com	public.servenobid.com
1	sync-eu.connectad.io	cdn.connectad.io
1	contextual.media.net	cdn.adpushup.com
1	u.openx.net	cdn.adpushup.com
1	acdn.adnxs.com	cdn.adpushup.com
1	cdn.connectad.io	cdn.adpushup.com
1	public.servenobid.com	cdn.adpushup.com
1	ads.travelaudience.com	1 redirects
1	um.simpli.fi	1 redirects
1	dclk-match.dotomi.com	f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
1	fonts.gstatic.com	fonts.googleapis.com
1	pixel.quantserve.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	rules.quantcount.com	secure.quantserve.com
1	a.teads.tv	cdn.adpushup.com
1	adpushup-d.openx.net	cdn.adpushup.com
1	fastlane.rubiconproject.com	cdn.adpushup.com
1	prebid-server.rubiconproject.com	cdn.adpushup.com
1	i.connectad.io	cdn.adpushup.com
1	bidder.criteo.com	cdn.adpushup.com
1	web.hb.ad.cpe.dotomi.com	cdn.adpushup.com
1	prebid.media.net	cdn.adpushup.com
1	cdn.jsdelivr.net	cdn.adpushup.com
1	secure.quantserve.com	cdn.adpushup.com
1	cdnjs.cloudflare.com	thehackernews.com
1	code.jquery.com	cdn.adpushup.com
0	rtb-csync.smartadserver.com Failed	ssbsync.smartadserver.com
0	c1.adform.net Failed	ssbsync.smartadserver.com
0	cm.adgrx.com Failed	ssum-sec.casalemedia.com
0	ad.turn.com Failed	ssum-sec.casalemedia.com
0	secure.adnxs.com Failed	ssum-sec.casalemedia.com
0	creativecdn.com Failed	g2.gumgum.com
0	tg.socdm.com Failed	g2.gumgum.com
0	cs.emxdgt.com Failed	g2.gumgum.com
0	sync-tm.everesttech.net Failed	g2.gumgum.com
0	sync.mathtag.com Failed	g2.gumgum.com
0	bh.contextweb.com Failed	g2.gumgum.com ssbsync.smartadserver.com
0	ad.360yield.com Failed	g2.gumgum.com
0	stags.bluekai.com Failed	g2.gumgum.com
0	match.deepintent.com Failed	g2.gumgum.com
0	sync.technoratimedia.com Failed	g2.gumgum.com
0	sync.ipredictive.com Failed	g2.gumgum.com
0	sync.srv.stackadapt.com Failed	g2.gumgum.com
0	sync.outbrain.com Failed	g2.gumgum.com
0	x.bidswitch.net Failed	g2.gumgum.com
0	usersync.gumgum.com Failed	g2.gumgum.com
0	s.amazon-adsystem.com Failed	ssum-sec.casalemedia.com
0	px.ads.linkedin.com Failed
0	aax-eu.amazon-adsystem.com Failed
0	image6.pubmatic.com Failed	ads.pubmatic.com
0	ssp.disqus.com Failed	public.servenobid.com
0	sync2.resetdigital.co Failed	public.servenobid.com
0	sync.go.sonobi.com Failed	public.servenobid.com
0	x.yieldlift.com Failed	public.servenobid.com
0	hbopenbid.pubmatic.com Failed	cdn.adpushup.com
0	dmx.districtm.io Failed	cdn.adpushup.com cdn.districtm.io
267	99

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
feeds.feedburner.com
deals.thehackernews.com
thehackernews.tradepub.com
www.instagram.com
t.me
go.thn.li
www.bitdefender.com
www.cisa.gov
nvd.nist.gov
www.reddit.com
news.ycombinator.com
api.whatsapp.com
telegram.me

Subject Issuer	Validity	Valid
thehackernews.com Cloudflare Inc ECC CA-3	`2022-05-01` - `2023-05-01`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-22` - `2023-05-22`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
*.adpushup.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-27` - `2022-08-29`	2 years	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-15` - `2022-09-18`	3 months	crt.sh
ads.servenobid.com Amazon	`2022-05-29` - `2023-06-27`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-03-11` - `2023-04-12`	a year	crt.sh
*.a-mo.net R3	`2022-05-05` - `2022-08-03`	3 months	crt.sh
*.media.net Sectigo RSA Domain Validation Secure Server CA	`2022-04-06` - `2023-05-04`	a year	crt.sh
ad.cpe.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-05-31` - `2023-07-02`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
connectad.io Cloudflare Inc ECC CA-3	`2022-04-15` - `2023-04-15`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-10` - `2023-01-03`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
teads.tv R3	`2022-06-01` - `2022-08-30`	3 months	crt.sh
*.yieldmo.com Amazon	`2022-04-25` - `2023-05-24`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.google.co.uk GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-21` - `2022-09-23`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
cdn.districtm.io Amazon	`2021-09-07` - `2022-10-06`	a year	crt.sh
public.servenobid.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-17` - `2023-02-17`	a year	crt.sh
cdn.adnxs.com GeoTrust TLS RSA CA G1	`2022-03-11` - `2023-04-11`	a year	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-03`	a year	crt.sh
*.gumgum.com Amazon	`2022-05-06` - `2023-06-04`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-06-14` - `2022-12-07`	6 months	crt.sh

This page contains 49 frames:

Primary Page: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Frame ID: 910903D4E551C8C928459B39833C3C5D
Requests: 81 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220622/r20190131/zrt_lookup.html
Frame ID: BD7712C70696A540413C1FD1A1817720
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1656283406&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656313657718&bpp=5&bdt=828&idt=325&shv=r20220622&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&correlator=2462490803585&frm=20&pv=2&ga_vid=633798284.1656313658&ga_sid=1656313658&ga_hid=2003236339&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761793&oid=2&pvsid=438245539072583&tmod=1062587049&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=JV9fvl4EZK&p=https%3A//thehackernews.com&dtd=344
Frame ID: 0EE0ED0B35D7903694D8823199276ACF
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=600&slotname=1415611493&adk=2877078529&adf=3546401298&pi=t.ma~as.1415611493&w=300&fwrn=4&fwrnh=100&lmt=1656283406&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656313657723&bpp=2&bdt=833&idt=357&shv=r20220622&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=2462490803585&frm=20&pv=1&ga_vid=633798284.1656313658&ga_sid=1656313658&ga_hid=2003236339&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761793&oid=2&pvsid=438245539072583&tmod=1062587049&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=GejRhJKddK&p=https%3A//thehackernews.com&dtd=362
Frame ID: 1A35FE9E747036EB7D62DEB0D4E6226B
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656283406&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656313657725&bpp=2&bdt=835&idt=369&shv=r20220622&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=2462490803585&frm=20&pv=1&ga_vid=633798284.1656313658&ga_sid=1656313658&ga_hid=2003236339&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3096&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761793&oid=2&pvsid=438245539072583&tmod=1062587049&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Pct71FVWtc&p=https%3A//thehackernews.com&dtd=372
Frame ID: 136BC5368D8CABD97022F4E8A6FFFEFB
Requests: 25 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&adk=1812271804&adf=3025194257&lmt=1656283406&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656313657744&bpp=1&bdt=854&idt=358&shv=r20220622&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600%2C970x250&nras=1&correlator=2462490803585&frm=20&pv=1&ga_vid=633798284.1656313658&ga_sid=1656313658&ga_hid=2003236339&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761793&oid=2&pvsid=438245539072583&tmod=1062587049&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=364
Frame ID: 22E5AFAAC1D757C2CF435CA56AFD72E6
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A7B722FAE310A40EDBEA4E21F3783435
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E6430387667340E107D60FF48B1C4879
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 8FA71320B19A8B98393F261BE1A159B3
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: FC8E8EAD27CD99AE63976002AE110718
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220622/r20110914/zrt_lookup.html?fsb=1
Frame ID: 8417B808BEF13C30C70E78A76CF44838
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js
Frame ID: 10DA2B7F9A61CC35E1A0E60FA6D25953
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 9D48760E3B37DAE1910D2219D6417A1B
Requests: 2 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 528AA82441916B31CDFAC97DB9DA248F
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: FB276C3570AEF95A12254399E89B3D3A
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js
Frame ID: E6D085E103A58C911FE27C5F910AE8C8
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js
Frame ID: 8837EAA8CEE9EB34DC1321374E884221
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js
Frame ID: 9FE1092BE4AC7E249E478FB30C040D97
Requests: 1 HTTP requests in this frame

Frame: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: FFAAFF2B2C74CADF041A4EA8BD732BB3
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=thehackernews.com
Frame ID: 545B8DD42762E36927F207F141D3A81E
Requests: 2 HTTP requests in this frame

Frame: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E56D23F5F579C9D8827A527338D90A1F
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-mmwIQs5ueAhj76NzEATAB&v=APEucNUcKGNWYaG4R2o9JnmClwLqek8_Bnl5cUeMB5ImnqI6gszJlCFaKPG4VbE2Lht2m6pAdEt5OO__cIb1fu5KLcomPKJaDvjur3Gl-2CV_Ulvy7_OS1tiUD-JwMW5D-zOIKYXKxjo0glHEABRrZcmFam1AY7ojEjkUReyesKyd9GGAPYzTZs
Frame ID: 2E96559CA107C79FA27E1ABAAF888047
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: CDBF46461552473D71B70EA632CEA894
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 66E252163F66994C7EE3AB6FC469BC98
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/2472196587167945595/index.html
Frame ID: 8F96F52374BB0132FB089679C9358190
Requests: 6 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: A8B10DC995DDABACD244B6F1753D97EC
Requests: 3 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: E671C9048A2F528A080124F9C68E6A9F
Requests: 14 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php
Frame ID: 22F8C19CC40A1DC7DBFFA51151F4942A
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 07E606C57C926818437578CB9C926EC6
Requests: 10 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 0F20B48216C7B4BFB456C94C99944FCC
Requests: 2 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 2E9AF87BD34137264FC6F3F3A75B0A1C
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Frame ID: 9B454FBEC474A941A607D1D5A2347364
Requests: 2 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1656313658091
Frame ID: 087F6DDE63B5B10B150A8279E71E3018
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUPEPKI9&prvid=2034%2C2033%2C2031%2C172%2C2030%2C173%2C251%2C175%2C132%2C178%2C2029%2C233%2C255%2C2028%2C2027%2C3017%2C214%2C236%2C3016%2C237%2C337%2C338%2C70%2C51%2C97%2C55%2C99%2C77%2C3012%2C2043%2C2040%2C141%2C186%2C222%2C244%2C201%2C3007%2C246%2C345%2C4%2C203%2C10000%2C80%2C108%2C229%2C9%2C307&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: A6AAFC9DD044C157F4A6640B80F5C7A3
Requests: 1 HTTP requests in this frame

Frame: https://sync-eu.connectad.io/syncer/1
Frame ID: C67CAED6135ED7DADD185B096D8503EE
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fx.yieldlift.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1YN-%26uid%3D
Frame ID: 9487C4112C61C81543CF48163A9D9727
Requests: 1 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: 9074B025F34AD3D5CD4A6407549228E9
Requests: 16 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: 91408E78891F54C9C1A04F58665717CD
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: 4BE893F01C8F9695F1FE6DD432220A82
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Frame ID: 0DCD6610964DF6F7D2AE30E7F7034FA8
Requests: 10 HTTP requests in this frame

Frame: https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
Frame ID: 75AE9DAB47FEBED84DD44A754F9F3A4B
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
Frame ID: 9E4B2B9FF3C7A7ED0FF20F864AFAB44A
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8yOTZlYzk3My1iMjNjLTQxYjEtOWMyNi1iY2M4NTE1ZjAxNDU=&gdpr=0&gdpr_consent=
Frame ID: BA66D8A84398C2B9B9A603A6E6B0DF38
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 05A7213E91784CC96F47CF6B0BF48168
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
Frame ID: 729B77E7C7972D8302D6A8D7E592689F
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent=
Frame ID: 05B6DD1DF2C39B1A86980B2DD973200D
Requests: 1 HTTP requests in this frame

Frame: https://tg.socdm.com/aux/idsync?proto=gumgum
Frame ID: 85B7B6F79CD379FE04D8DA9B4CEA9610
Requests: 1 HTTP requests in this frame

Frame: https://creativecdn.com/cm-notify?pi=gumgum
Frame ID: DBFC4C2720CD37BF983A4BE2BE107DEB
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: 323093D213A704B33BD3109FCFC9F187
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

RIG Exploit Kit Now Infects Victims' PCs With Dridex Instead of Raccoon Stealer

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

267
Requests

76 %
HTTPS

44 %
IPv6

67
Domains

99
Subdomains

57
IPs

8
Countries

2240 kB
Transfer

5546 kB
Size

29
Cookies

35 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/thehackernews
Title: 

Search URL Search Domain Scan URL

URL: https://twitter.com/thehackersnews
Title: 

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/thehackernews/
Title: 

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/thehackernews?sub_confirmation=1
Title: 

Search URL Search Domain Scan URL

URL: https://feeds.feedburner.com/TheHackersNews
Title: 

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/
Title:  Offers

Search URL Search Domain Scan URL

URL: https://thehackernews.tradepub.com/
Title: Free eBooks

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/free
Title: Freebies

Search URL Search Domain Scan URL

URL: https://www.instagram.com/thehackernews/
Title: 

Search URL Search Domain Scan URL

URL: https://t.me/joinchat/AAAAADwuDObFWF60CiR-HQ
Title:  Telegram Channel

Search URL Search Domain Scan URL

URL: https://go.thn.li/crowdsec-may

Search URL Search Domain Scan URL

URL: https://www.bitdefender.com/blog/labs/rig-exploit-kit-swaps-dead-raccoon-with-dridex/
Title: spotted

Search URL Search Domain Scan URL

URL: https://www.cisa.gov/uscert/ncas/alerts/aa19-339a
Title: Dridex

Search URL Search Domain Scan URL

URL: https://go.thn.li/crowdsec-tour-d

Search URL Search Domain Scan URL

URL: https://www.bitdefender.com/blog/labs/new-wastedloader-campaign-delivered-through-rig-exploit-kit/
Title: exploited

Search URL Search Domain Scan URL

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-0752
Title: CVE-2019-0752

Search URL Search Domain Scan URL

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-8174
Title: CVE-2018-8174

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html
Title: 

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&text=RIG%20Exploit%20Kit%20Now%20Infects%20Victims%27%20PCs%20With%20Dridex%20Instead%20of%20Raccoon%20Stealer&via=TheHackersNews
Title: 

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html
Title: 

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html
Title: Share on Reddit

Search URL Search Domain Scan URL

URL: https://news.ycombinator.com/submitlink?u=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&t=RIG%20Exploit%20Kit%20Now%20Infects%20Victims%27%20PCs%20With%20Dridex%20Instead%20of%20Raccoon%20Stealer
Title: Share on Hacker News

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=RIG%20Exploit%20Kit%20Now%20Infects%20Victims%27%20PCs%20With%20Dridex%20Instead%20of%20Raccoon%20Stealer%20%E2%80%94%20https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html
Title: Share on WhatsApp

Search URL Search Domain Scan URL

URL: https://telegram.me/share/url?url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&text=RIG%20Exploit%20Kit%20Now%20Infects%20Victims%27%20PCs%20With%20Dridex%20Instead%20of%20Raccoon%20Stealer
Title: Share on Telegram

Search URL Search Domain Scan URL

URL: https://go.thn.li/scw-q2

Search URL Search Domain Scan URL

URL: https://go.thn.li/native-q2-1
Title: Make software security a priority in 2022Learn more about how security-aware developers represent a vast and largely untapped resource that can support cyber defenses.

Search URL Search Domain Scan URL

URL: https://go.thn.li/native-q2-2
Title: Uncover the secure developer inside every coderEmpower developers to deliver secure coding that is intrinsic to their daily process.

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/sales/the-a-to-z-cyber-security-it-certification-training-bundle
Title: <img alt='Learn Ethical Hacking Online' class='deal-link' src='https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiI35PZGxaHZD68Ea5xegPuLeSWEhyoS4eYqzEECWzt64wQRQ7MCPbeGR4qIhBAGbt1XdJ6USs2yeFxr0bqF3mtE9Is_pMyL9cSPtiJtbRAxj3lLfSGBcNqegKYr63rMaD8uJtLT8mHEk4EAaq-AUAxDkfdf42CZfEHUtv_M928jHKaXI2EpWSb-0ti9A/s260-e100/hack.jpg'/> A to Z Cybersecurity Certification Training Get Paid to Hack Computer Networks When You Become a Certified Ethical Hacker.

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/sales/comptia-campus-premium-1-year-subscription
Title: <img alt='CompTIA Campus Premium' class='deal-link' src='https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgCP8LsHMCGJ66Sw30XA6l8p0tga-FYZWWXB8yocCCp12NHG1f0ovIFBY5RjuRuiExwLNq8RrXKHLyL5bFXjBb8QUPfLlRKO5bGWKYBcmNM1qUYVAik8mXDEw5gW3jc8tkV8z18vbKFDWb9hnXuPnQINmyfPCn_TAp9v_KHdzVwjfgzTBy-sPkglYelYg/s260-e100/comptia.jpg'/> CompTIA Campus Premium One-Stop-Shop for All CompTIA Certifications! Get 1-Yr Access to Courses, Live Hands-On Labs, Practice Exams and Updated Content

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/sales/ultimate-network-and-security-course-bundle
Title: <img alt='Ethical Hacking' class='deal-link' src='https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEimmKZ26nPjNl2ZjmIlqVtP9X1SaF-1z_fMwY1oRIFZVKV8k9SXIxpo5tWyLQkQ79I4hXOhE3fe5H5SgoANx2zIC6PeOeh-wFumVXXq8GtMF-AhCLTI8TlQ5MEBV9UZAs4mfxcgKn_ZaynBDg3JwJK3dCFewhjYJx3Hd2TK_w8r-lirYQj8yeTWnPyYIA/s260-e100/hacking.jpg'/> Network, Security and Ethical Hacking Your 28-Hour Roadmap as an Ultimate Security Professional — Master Network Monitoring, PenTesting, and Routing Techniques and Vulnerabilities

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/sales/the-complete-2022-linux-certification-training-bundle
Title: <img alt='Linux Certification Courses' class='deal-link' src='https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhtIq4lKc2RybeE8fg8x1hvFqh2nr1cx6Hy0sQaXshQQ1CjwhceehW_AWliIuIzdpv8niYskXwOh4SmHiT5n_eE-ngP90BcTwZMzJClByVrQdc1ZhfQREek1l4sx7_bFDZgEqc1gFjYKxSOVD5KToTX8UMTyVH9_CPQejpwEzizqO4MUisPIS76OsJnxA/s260-e100/linux.jpg'/> Complete Linux Certification Training Know Your Way Around Networks and Client-Server Linux Systems — Techniques, Command Line, Shell Scripting, and More

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/collections/citizengoods-exclusives
Title: Exclusives

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/collections/hacking
Title: Hacking

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/collections/shop-by-specialization-developer
Title: Development

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/collections/shop-by-interest-android
Title: Android

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthehackernews.com%2F&domain=thehackernews.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=q0EwpXxxNE9KcHJxY0p5c21pcVBEc0V2TVdmNE9qRzFhYklGQlVaWm92UEZaN3VISFZTY0doMmMwby83QjBDSTc3c3N2emRCVXVGN3JPTWlwZzgzeHZCVGs5UDh0Q3hCUnlzTkR5QXRjREVwcjBtQ3hEYldqSE0raTJYYkE3dFNFZFZIeUpYS3JPV21QU1RGRFh1VW52NnJ4dWZHVlArWE1mdFNIdHVoc1IySlJBZ09yajdTL2o4STVqSXBNeXV5TmZDemNLOUFEV3Q0enBNeDdaNWFUZnJaMHVubTg2Z3U5Q1pJWkxLYmtQWGRnRE1vPXw&cppv=2

Request Chain 126

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 127

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 131

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 143

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 158

https://gum.criteo.com/sid/json?origin=publishertag&domain=thehackernews.com&sn=ChromeSyncframe&so=3&topUrl=thehackernews.com&bundle=VzKv419VMmp3QnJGJTJGN09FbWs3Z0swT0E3TllSWWV6cEpEVHRONnk5VllEaTM2aXdYRFRtY2xuVDdyUktQZ05DRHFvem5QSGl2JTJCZjUzWXhYV1hUMGs1RHNwZDlWOGRXVTdobUgya0lPJTJCVFlJJTJCMUtiYWRtcHJ4SmJRMDNSM0RsV0pOWDBG&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=KJBDxnxoNzN1WVI0akFOdTd2VzNzcjRZNzZTb2x6VEM5Y2wwODE2eFVzRXFlZ21WT2pLMDFDL1lydVBuRmwwRUZiS2hVakErWE93UUpvaGVYaFNhYStMTXZONHYzZkFLdkx1U0hMK2x3UmtDOGhUUS9ubDIxbGxHN3Q4WjZhYkZScXo2VitKbnd5Qm9GZ1RkZmxlSlpKZ3ptNWZFN3lMenhSMUovZTdET2NJR0ZBQW9aWDNoOVdReng1d2RHWWJpZlNVVXhxTVcyQnBTUGkzTUdveTJaRkFWWnVhbEQ0ODJVUkxjZEdEdC9qRkczejNaaHRCTXR0L0wvYWU0YnhkLy92dnNld0R1UHZKNlBiUGdsZ1R0WW1iK3RtbGx5LzBBZkY5NDlUbzhYR3pXQlU2bz18&cppv=2

Request Chain 167

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMoYFuetstT560OuJDkGISs&google_cver=1

Request Chain 168

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YrlXPZ3CbO9m7u6e95JT8QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMoYFuetstT560OuJDkGISs&google_cver=1

Request Chain 169

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHSUyU0_Nuejgv27H_e3hH4&google_cver=1

Request Chain 170

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTIxNDQxMzA0NTY1ODgwOTgxMg%3D%3D

Request Chain 179

https://um.simpli.fi/gp_match?google_gid=CAESEOf7GWcCJdTiy7H2VttBlAo&google_cver=1&google_push=ARnp8GBP6KVeNBwB4j5OqXrobme2ItBqm8GM1CFJDYgOoLE2t1JOoKn0S8NbKV6jqzbo_g38bjXPttmceXH0AGHHZQUr2iX1YeBZ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=6B09D60137444AB0BD333C1652E809BA&google_push=ARnp8GBP6KVeNBwB4j5OqXrobme2ItBqm8GM1CFJDYgOoLE2t1JOoKn0S8NbKV6jqzbo_g38bjXPttmceXH0AGHHZQUr2iX1YeBZ

Request Chain 180

https://ads.travelaudience.com/google_pixel?google_gid=CAESELaRu_tFYmjHr99VOS9Sv1c&google_cver=1&google_push=ARnp8GDDFOAwgA2t08mi0KQ9sDUjt77VtV3KLkmK-olbOo4rvI_IKDdnI7gulvwzbOZMQoOw7KomO3CvvEl0DREp63iqqWyh2BZ8Pg HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Aqzs6F_ERdG-1-HEbr-TgQ2&google_push=ARnp8GDDFOAwgA2t08mi0KQ9sDUjt77VtV3KLkmK-olbOo4rvI_IKDdnI7gulvwzbOZMQoOw7KomO3CvvEl0DREp63iqqWyh2BZ8Pg

Request Chain 181

https://d5p.de17a.com/cookies/google?google_gid=CAESELXcyHZ9egWqSiq0QMqJRXo&google_cver=1&google_push=ARnp8GAxbIOykpQ4wZWxOR8TGVfU9bqk-PxEwkd7R_3GgPyEVN0G_5k-68N3SuY8VNU5QZkNC92HqbmI2UKzmxNRlwGvusUW6y4u4w HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESELXcyHZ9egWqSiq0QMqJRXo&google_cver=1&google_push=ARnp8GAxbIOykpQ4wZWxOR8TGVfU9bqk-PxEwkd7R_3GgPyEVN0G_5k-68N3SuY8VNU5QZkNC92HqbmI2UKzmxNRlwGvusUW6y4u4w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ARnp8GAxbIOykpQ4wZWxOR8TGVfU9bqk-PxEwkd7R_3GgPyEVN0G_5k-68N3SuY8VNU5QZkNC92HqbmI2UKzmxNRlwGvusUW6y4u4w

Request Chain 182

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEAnHgzbj--g9dYFaGOsBjqU&google_cver=1&google_push=ARnp8GC2tHsH2iQnzN8_2HKr1fv9Wk6i1ovELzVHzbmmbtOuz9_6boouCHpDzxYkDmZxaIH568xWkvEKINyU7nQZpD_ypJZA1rbN HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEAnHgzbj--g9dYFaGOsBjqU&google_push=ARnp8GC2tHsH2iQnzN8_2HKr1fv9Wk6i1ovELzVHzbmmbtOuz9_6boouCHpDzxYkDmZxaIH568xWkvEKINyU7nQZpD_ypJZA1rbN&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=ARnp8GC2tHsH2iQnzN8_2HKr1fv9Wk6i1ovELzVHzbmmbtOuz9_6boouCHpDzxYkDmZxaIH568xWkvEKINyU7nQZpD_ypJZA1rbN&google_hm=d1lEVTh1cXFMUEVMaTRWQ1JsUGc=

Request Chain 183

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBIHRaiA6T5gij-uiDhTxFQ&google_cver=1&google_push=ARnp8GAn7EJmdD4Fuhtqa5oJc4WYVrcVCr48flnll-XFwPZLfvCxXO9Otl4NYxH7iToNU_LhiWVgJIzn1dy2f-xdS7WH_9bgptXdxg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRXRURYWFktRi1GTVpI&google_push=ARnp8GAn7EJmdD4Fuhtqa5oJc4WYVrcVCr48flnll-XFwPZLfvCxXO9Otl4NYxH7iToNU_LhiWVgJIzn1dy2f-xdS7WH_9bgptXdxg

Request Chain 217

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
https://ads.servenobid.com/sync?pid=312&uid=5214413045658809812

Request Chain 218

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1 HTTP 302
https://ads.servenobid.com/sync?pid=310&uid=E4SruRZHlqrNRb4jRMWW22-A

Request Chain 221

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1656313664180 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8968447748

Request Chain 222

https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
https://ads.servenobid.com/sync?pid=324&uid=5140084921088249835

Request Chain 224

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
https://ads.servenobid.com/sync?pid=327&uid=fec90650-262b-4687-bac7-5c281cd00a75&gdpr=0&gdpr_consent=&us_privacy=1YN-

Request Chain 225

https://ups.analytics.yahoo.com/ups/58559/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58559/occ?verify=true HTTP 302
https://ads.servenobid.com/sync?pid=337&uid=y-Fn9b0_RE2uG8EyLIXdic_4z7nSlfoTYoI.OvGAE-~A

Request Chain 228

https://ups.analytics.yahoo.com/ups/58632/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58632/occ?verify=true HTTP 302
https://ads.servenobid.com/sync?pid=339&uid=y-Fn9b0_RE2uG8EyLIXdic_4z7nSlfoTYoI.OvGAE-~A

Request Chain 231

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/x3V0s_Fd9Weq2XVc4WJing?csrc=

Request Chain 232

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NDk5ZmY1ZWMwMDFhNzJkMTczZWIzMzkwNjUzMmE4ODJlY2M4YWFhMg

Request Chain 234

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L4WEDXXY-F-FMZH

Request Chain 235

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRXRURYWFktRi1GTVpI

Request Chain 237

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESECbkn_ayhDTKbM5eed44xTg&google_cver=1

Request Chain 239

https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID HTTP 302
https://usersync.gumgum.com/usersync?b=apn&i=5214413045658809812

Request Chain 242

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://usersync.gumgum.com/usersync?b=opx&i=5d5a246c-6bf2-40ec-a3ba-d8c41ab14d45

Request Chain 244

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=oth&i=y-uKcvim9E2pca50Fcvu6I2hJgt.STT_ZIIvgQ~A

Request Chain 248

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_296ec973-b23c-41b1-9c26-bcc8515f0145&gdpr=0&gdpr_consent=&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__ HTTP 302
https://stags.bluekai.com/site/23178?id=wYDU8uqqLPELi4VCRlPg&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT252ZIRKTQ5LROFGFARKMNE2FMQ2SNRIGOJTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1---

Request Chain 250

https://sync.1rx.io/usersync2/floor6?gdpr=0&gdpr_consent=&dspret=1&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3D%5BRX_UUID%5D HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1834780044

Request Chain 262

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
https://eus.rubiconproject.com/usync.html?p=gumgum

Request Chain 267

https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5140084921088249835

Request Chain 276

https://sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4753988253

267 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request rig-exploit-kit-now-infects-victims-pcs.html Show response
thehackernews.com/2022/06/ 148 KB
70 KB 559ms
113ms Document
text/html 2606:4700:20::681a:161
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:161 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordPress VIP

Resource Hash

678cfbbbcdc4f8118965675c9c380aeb23c3d201f95034a4e61eb10afc036103

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 15852
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, s-maxage=604800, max-age=0
cf-cache-status: MISS
cf-ray: 721c58c2e8100f6e-MXP
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Mon, 27 Jun 2022 07:07:36 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Mon, 27 Jun 2022 02:43:23 GMT
last-modified: Sun, 26 Jun 2022 22:43:26 GMT
link: </css/roboto.css>; as=style; rel=preload
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lhVDlXwJLuq9QXMqqmC41Aycz62J3Vp4XJis5rmQ%2FRYvSNVw%2BdoPxnpsgZvCv9cbsbSH0KYpA8kLqsmfmnjO%2FPcMoY72UOt3DPLEXN9m3r1jsXoQiv9%2B0BRin2CqIHM2fqSYXwEQLi5NQiRnJxU8"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding, accept,amp-cache-transform
x-content-type-options: nosniff
x-forwarded-for: 2001:ac8:21:e::7
x-frame-options: DENY
x-powered-by: WordPress VIP
x-xss-protection: 1; mode=block

GET
H2 200 roboto.css
thehackernews.com/css/ 77 KB
57 KB 112ms
112ms Stylesheet
text/css 2606:4700:20::681a:161
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thehackernews.com/css/roboto.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:161 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d8ab8467b889847c12c542bee765afc54acbaff1cc91ce3197ab4f2be8f08ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:36 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ozvDHs4muaZln0ogMC3GLpLLxxibh9yVs5BNpIjzZBSr%2Bc%2BRrwkKNwiGY4jAZ6WudLN3OtslJspdPR%2Fx9so3Pj3q%2FN06WsWBaUso0LzSYdrvaNmiook3iPya3T7ktdsu963Yye%2Bk23MJGSOUe3uz"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, immutable, s-maxage=8640000
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 721c58c3b8cc0f6e-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 malware.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj2wZ2WigbmeeiVSmTQ4-67rEYUW7v2I3ZX859kqxEIsqx_2RJvNHrPTNneci3kd3F74Xm1l3X8wl9ksep25v3sDCVMUE1-yMNEWMgUJEqIox4oxaikOSq0B0VsoRBGOKG5ulhQWnk5i6xfltyN5... 177 KB
178 KB 365ms
365ms Image
image/jpeg 2606:4700:20::681a:161
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj2wZ2WigbmeeiVSmTQ4-67rEYUW7v2I3ZX859kqxEIsqx_2RJvNHrPTNneci3kd3F74Xm1l3X8wl9ksep25v3sDCVMUE1-yMNEWMgUJEqIox4oxaikOSq0B0VsoRBGOKG5ulhQWnk5i6xfltyN5mGJdW3t0z1vXjd6kaxCI5E6GFZ4ZU4L5YI1QY6S/s728-e1000/malware.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:161 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22bd211c8f9d12b20bd22f646e2e5cc968aec23b674f33df44756ad73ac817e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-forwarded-for: 2001:ac8:21:e::7
content-disposition: inline;filename="malware.jpg"
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 181175
x-xss-protection: 0
server: cloudflare
etag: "v1b7b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w7SSMaQyCLdbnZdlgTVWbewdQ29lHBW1LKjxRuWvgHTypYrsWYnW895hsqemybnnr24SYnPKwyCnLqBmgGlRuJSzvzmn7WmGQvDuLhMIBnL2Y1sV%2BUCw%2BQghWoPFJL2SdoPM4eH%2Fcnb0PksT2n5S"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-expose-headers: Content-Length
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 721c58c3c8ce0f6e-MXP
expires: Sun, 23 Mar 2025 07:07:37 GMT

GET
H3 200 map.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgBpTikSneV7T3pFFHkZC1iuLdpeuTlKFreYCRkDWPEJCcFNrVu_Aggg1pmArUunZao5RrT-2KwOLvxqcLBsymx3usE7pg7w7r3-aMy8PMbHKVLzrIsvKtKxSBr-L7BqKKlHxkCNn5_uTy5U6_dQ... 90 KB
91 KB 82ms
81ms Image
image/jpeg 2606:4700:20::681a:161
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgBpTikSneV7T3pFFHkZC1iuLdpeuTlKFreYCRkDWPEJCcFNrVu_Aggg1pmArUunZao5RrT-2KwOLvxqcLBsymx3usE7pg7w7r3-aMy8PMbHKVLzrIsvKtKxSBr-L7BqKKlHxkCNn5_uTy5U6_dQHHR62Yoltgm_TiuZc8f7rkgEDfDB3-tzcmG-onm/s728-e1000/map.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:161 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0d67bdb6efb8956499314dd271d21f8de70cd142e358b9dc16c1ea5617b2c24

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7387
x-forwarded-for: 213.55.225.111
content-disposition: inline;filename="map.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 92413
x-xss-protection: 0
expires: Sun, 23 Mar 2025 05:04:30 GMT
server: cloudflare
etag: "v1b79"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=giZ%2FlhPEXnVUIio60mtPgPfZnPX4gzL3ZrauSoHthhw3VL682fI1AbAfN2NsMaoHQezy4N1a29Pt9MqOA5xATKH0Yrr4BJ5c6nkHIPNkQA%2BDJQKUvJnZlaVujJnTJ3vnby7%2FnUDvVXsGM1z7UXl7"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 721c58c47daf0e16-MXP
access-control-expose-headers: Content-Length

GET
H3 200 rocket-loader.min.js Show response
thehackernews.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 70ms
68ms Script
application/javascript 2606:4700:20::681a:161
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thehackernews.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:161 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
last-modified: Tue, 14 Jun 2022 16:43:30 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"62a8bab2-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vrlVbTLLefmQFY9H9qfchywBQ8LOA3Bj49D1NHXKiaZB1slWKwS9L1rG1JwpSyZzyZZ5zX6d8XMUHLqsNZy8ZTGl2g9otfTXPkjRRGG6mPLnh10A1qRXf7h2qZJHKaBEKTCddO070Fn5qXjW6%2B1I"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 721c58c48db60e16-MXP
expires: Wed, 29 Jun 2022 07:07:37 GMT

GET
H2 200 adpushup.js Show response
cdn.adpushup.com/37020/ 441 KB
117 KB 204ms
88ms Script
application/javascript 2606:4700:4400::ac40:99f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adpushup.com/37020/adpushup.js
Requested by: Host: thehackernews.com
URL: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:99f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f46567d3913857de0723b7efb8737672353d3ac6c0470a44d2017a9806b7bf2

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Jun 2022 11:44:00 GMT
server: cloudflare
age: 495473
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
x-cf-geodata: CH
cf-ray: 721c58c53ed323df-ZRH
expires: Mon, 27 Jun 2022 08:07:37 GMT

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c6a9d65e5bd6eb2447ea57e398e1d30f3c6e2d022ecf195933d161ffed964690

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a71328300f380217ae0abf7f805052a10a0c196cb241eb97adf9b905e4a48c8a

Request headers

Referer
Origin: https://thehackernews.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: application/font-woff

GET
DATA 200
OK truncated
/ 27 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d64f4662969ecae048bd993de6d91ef6296d12a7c059a08589c6bddb4a21875

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 103 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 688a1e2444a1171a4cfbc8674c62d53bc663bf35a7825eb3563851e79694411c

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 442 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6795c5c8b9b0aeb87d6663ccd7a71fb9d2f2817fe9b5c2e67bce0d5a5e1309a1

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 194 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f88754ecdaeedbf69845f3cb4015909beff31f92b173185c075ff8ab40ae3d02

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 spyware.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi_58XOVBOF2WpPZngrxCJrgYE6cjkbHpIcr-GX7d5Uzhck2ObXSwQKiQTpq9FmEN3WmoMkwju5efF9Xc01CVrFq1eFhtqleQPi7XpbXcsShqMm6ZWg3YasiFzVSrhfNa_036T7P-qZVmq81PX66... 5 KB
5 KB 132ms
131ms Image
image/webp 2606:4700:20::681a:161
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi_58XOVBOF2WpPZngrxCJrgYE6cjkbHpIcr-GX7d5Uzhck2ObXSwQKiQTpq9FmEN3WmoMkwju5efF9Xc01CVrFq1eFhtqleQPi7XpbXcsShqMm6ZWg3YasiFzVSrhfNa_036T7P-qZVmq81PX66kNUWzIRXGQ4MlR1GF-UHRjfbpNeyFAavp0k0JZC/w72-h72-p-k-no-nu/spyware.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:161 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40c521c64b2d083d7fcb658a185feabfc8e0dd2092b2e650f301933bdc58d456

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 129340
cf-polished: origFmt=jpeg, origSize=4959
x-forwarded-for: 95.246.145.40
content-disposition: inline; filename="spyware.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4718
x-xss-protection: 0
expires: Sun, 26 Jun 2022 19:11:57 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v1bab"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FlJ%2FZYNLbY7rGeuz%2Biz5ydh4K7kGfAIkkS%2FMvjSRSEGhGY32YnI5%2BczizZpipkDbaY2GcqJU19j7Kv%2B5pvLMXb3%2FCpOwNKxfXNbGny77iH%2FSZOojRbG4C9TMIvrM9FZJguSUR78CWMti0%2FTHqhyQ"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
vary: Accept, Accept-Encoding
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 721c58c54e850e16-MXP
access-control-expose-headers: Content-Length

GET
H3 200 s.js Show response
thehackernews.com/cdn-cgi/zaraz/ 4 KB
2 KB 140ms
139ms Script
text/javascript 2606:4700:20::681a:161
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thehackernews.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyUklHJTIwRXhwbG9pdCUyMEtpdCUyME5vdyUyMEluZmVjdHMlMjBWaWN0aW1zJyUyMFBDcyUyMFdpdGglMjBEcmlkZXglMjBJbnN0ZWFkJTIwb2YlMjBSYWNjb29uJTIwU3RlYWxlciUyMiUyQyUyMnglMjIlM0EwLjc3MTg2MDc1NTA2MDkxMDIlMkMlMjJ3JTIyJTNBMTYwMCUyQyUyMmglMjIlM0ExMjAwJTJDJTIyaiUyMiUzQTEyMDAlMkMlMjJlJTIyJTNBMTYwMCUyQyUyMmwlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnRoZWhhY2tlcm5ld3MuY29tJTJGMjAyMiUyRjA2JTJGcmlnLWV4cGxvaXQta2l0LW5vdy1pbmZlY3RzLXZpY3RpbXMtcGNzLmh0bWwlMjIlMkMlMjJyJTIyJTNBJTIyJTIyJTJDJTIyayUyMiUzQTI0JTJDJTIybiUyMiUzQSUyMlVURi04JTIyJTJDJTIybyUyMiUzQTAlMkMlMjJxJTIyJTNBJTVCJTVEJTdE

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:161 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa6545f4f990af3405e218436164a0cdc74e77ec18e2b1f074e1e602e2597f32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-methods: GET, HEAD, POST, OPTIONS
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4OCvdHexFNjwKgcguuaRw8b7%2B3R4yvWaOgTlycO44TEOefoSvmyt%2BcGtCfQpyQZlOZmR5crlQG%2F%2FvyQ%2FyvDwmfB3bmt9zfLvHPw9A3VT5kVsjYstMtXcMapb1K2aXCltfWPHCo1GtJiYZInzZYE9"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
access-control-allow-origin: https://thehackernews.com
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
cf-ray: 721c58c55e8c0e16-MXP
access-control-allow-headers: Content-Type, Set-Cookie, Cache-Control

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 102ms
33ms Script
application/javascript 2001:4de0:ac18::1:a:3b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/37020/adpushup.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-15d9d"
vary: Accept-Encoding
x-hw: 1656313657.dop041.lo4.t,1656313657.cds259.lo4.hn,1656313657.cds081.lo4.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H3 200 python.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhpWTWGWnd5_8WNFfUUi1_F_FzHSjI7D2mFONMt_Xr6GgeybL87WBPueIJtPOP4uaRC3QaWxLyxNUM2FaEWedDOkkdC-fwf1Le9Q_SnmhQm0o1rS3s4acCKwJJ4_yFcvysGUntPK-oZ0VrLaMlAK... 3 KB
4 KB 82ms
80ms Image
image/jpeg 2606:4700:20::681a:161
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhpWTWGWnd5_8WNFfUUi1_F_FzHSjI7D2mFONMt_Xr6GgeybL87WBPueIJtPOP4uaRC3QaWxLyxNUM2FaEWedDOkkdC-fwf1Le9Q_SnmhQm0o1rS3s4acCKwJJ4_yFcvysGUntPK-oZ0VrLaMlAK4-Y4ZiTQGA7zsXbkXNR1mXYWGL6o7JDbbk0PFi4/w72-h72-p-k-no-nu/python.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:161 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db74e32218f93d9da40f157c5f75a05bc8f495ff4c388fbeb2d4b361a61fe883

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 183360
cf-polished: origSize=3035, status=webp_bigger
x-forwarded-for: 195.112.95.126
content-disposition: inline;filename="python.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3032
x-xss-protection: 0
expires: Sun, 26 Jun 2022 04:11:37 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v1ba5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6gosCPABNp765%2Bdn%2F68vuCud8g16soNTaBVsTgmTtgoAZIIWQeEBzh3mg8nqKw1YjOmIg7EvZ2oRSmD4yYfZMgjGSq7FXEkGGtf%2BqbMvTB058nWCgEDmlV%2BEfzilHuopxUVqXYzqc4graAu60TFj"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 721c58c67f9f0e16-MXP
access-control-expose-headers: Content-Length

GET
H3 200 cyber.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi5X3Jd7s-HDrRGAzXR0jO-9AxkHIJFvY_mh-vEM8Fmbb9VoDKrFuAaBPNb4PZX9dpszwI5DOLlHanXHCtRH_i9wttW66M81LeTHOwaRoQbidQ8jbjiRaxon2rP5R4FEVCxE24ddrC7Xch5hBgta... 4 KB
5 KB 79ms
78ms Image
image/webp 2606:4700:20::681a:161
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi5X3Jd7s-HDrRGAzXR0jO-9AxkHIJFvY_mh-vEM8Fmbb9VoDKrFuAaBPNb4PZX9dpszwI5DOLlHanXHCtRH_i9wttW66M81LeTHOwaRoQbidQ8jbjiRaxon2rP5R4FEVCxE24ddrC7Xch5hBgtaTkoRQjJ9Ag2eIaavmYF0C0ilRVh-Nm3JbbBxfYa/w72-h72-p-k-no-nu/cyber.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:161 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d31dcce28ef00f22559cf2f2d3f2d4d442dafb2fdbcec52c4f09a0df9b611408

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 272857
cf-polished: origFmt=jpeg, origSize=4116
x-forwarded-for: 195.112.95.126
content-disposition: inline; filename="cyber.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4018
x-xss-protection: 0
expires: Sat, 25 Jun 2022 03:20:00 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v1b6b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C9wJqjvWo9T89AmExJOPg1kgCqa1HnIj7PNIqgg4AKUX3JmM%2FPKhR7ysX2mHbLA5Ne7rHMqxiRMu%2BxHwLCKmztc1IQvlgVuEfyg6eLt8qxvQp1wP2Ie5sRTIXbrScBNQ0KB43WYhSdf0asJfLNxp"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
vary: Accept, Accept-Encoding
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 721c58c67fa00e16-MXP
access-control-expose-headers: Content-Length

GET
H3 200 Google%20Researchers%20Detail%205-Year-Old%20Apple%20Safari%20Vulnerability%20Exploited%20in%20the%20Wild.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiYhs0ipenD0AoL9V_aDGu9Ne59wQB4dVjm765OFf3mrjKTBnTs1wKWI7wEhojmYN1I7kb8uwSBREekjYU8iT0Vwm5Hyt1OKmgy_fleoHryLao0e7ASyt3c-RFQZr0hQPO7IMPscn9-BZbr_-cYq... 2 KB
3 KB 76ms
75ms Image
image/webp 2606:4700:20::681a:161
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiYhs0ipenD0AoL9V_aDGu9Ne59wQB4dVjm765OFf3mrjKTBnTs1wKWI7wEhojmYN1I7kb8uwSBREekjYU8iT0Vwm5Hyt1OKmgy_fleoHryLao0e7ASyt3c-RFQZr0hQPO7IMPscn9-BZbr_-cYqs7nuTB5CSFjV0CmokCbPxE6hFiOt5lshyEgS6bP/w72-h72-p-k-no-nu/Google%20Researchers%20Detail%205-Year-Old%20Apple%20Safari%20Vulnerability%20Exploited%20in%20the%20Wild.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:161 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3809139f77b223c5f82d54f520b332de924f0acd84dd686e5ab28015fad74d6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 272857
cf-polished: origFmt=jpeg, origSize=3100
x-forwarded-for: 195.112.95.126
content-disposition: inline; filename="Google%20Researchers%20Detail%205-Year-Old%20Apple%20Safari%20Vulnerability%20Exploited%20in%20the%20Wild.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2514
x-xss-protection: 0
expires: Sat, 25 Jun 2022 03:20:00 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v1b69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XJSwIYb9bSglw9p9fEp0HZInfqCkfDE0AnzfUnBkUz3dy2LjX6VMlqFPYop62MacMePISOt3n8SAMJCaS7J7%2Fhxic%2BkXijp8Q9n2%2F4MGDo5XbVo4%2B4LBFejD7gUnsPtOXupRGh5ai5etcPxP8qvQ"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
vary: Accept, Accept-Encoding
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 721c58c67fa10e16-MXP
access-control-expose-headers: Content-Length

GET
H3 200 hacking.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEim4NFlgiedsZyM9nwoYZyVFg6NDuuooSW_q7ZeHdDb9c-nm4-fV2cZ6gwe2Qw3aeBydho972W0dJXA-6XkWQU2Zj04xgVPiu3gJoJh70MQgBnT_aY_qN1k1go36E2XRD6oe1BuRQFLz8N9817kp... 3 KB
3 KB 77ms
76ms Image
image/jpeg 2606:4700:20::681a:161
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEim4NFlgiedsZyM9nwoYZyVFg6NDuuooSW_q7ZeHdDb9c-nm4-fV2cZ6gwe2Qw3aeBydho972W0dJXA-6XkWQU2Zj04xgVPiu3gJoJh70MQgBnT_aY_qN1k1go36E2XRD6oe1BuRQFLz8N9817kpoUXk2pdVCpIEqyo820bqOR6_HxWEZUByMqpZhQl/w72-h72-p-k-no-nu/hacking.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:161 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd458c32f7959669c5d0c9af8b60d1b4bb8b5151b516a3001e75006e2359ae21

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 88949
cf-polished: origSize=2678, status=webp_bigger
x-forwarded-for: 62.201.214.122
content-disposition: inline;filename="hacking.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2674
x-xss-protection: 0
expires: Mon, 27 Jun 2022 06:25:08 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v1bad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zKzsjo1%2FCRdYEcgNb0y1j8HmYc24uo%2BEfLIAotbkgCyR4uvARnZs%2FBZxorte3VJ57MoG5wW%2Bcgs%2BcElRtmj4QzXEwv3nEkmkQW9aSmezHszdhzXb916PjWp7DRW8ZXM4Nwr5IDy38355GUKAKDaV"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 721c58c67fa20e16-MXP
access-control-expose-headers: Content-Length

GET
H3 200 nso.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjHOkvfzs7535fRtrbjxNjCL9r-rCkWTBO4zesnz9tNZ9hK8gjPp-RjZIlpcHla_ufM8JCKHAzeu5h4rCPVO43qSx5hxXYx8rKIV-sN-bcMPWDoQpXEeh5I8Urm3kmGLsBB1Gefy2fjlIRIseYpr... 4 KB
4 KB 74ms
73ms Image
image/jpeg 2606:4700:20::681a:161
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjHOkvfzs7535fRtrbjxNjCL9r-rCkWTBO4zesnz9tNZ9hK8gjPp-RjZIlpcHla_ufM8JCKHAzeu5h4rCPVO43qSx5hxXYx8rKIV-sN-bcMPWDoQpXEeh5I8Urm3kmGLsBB1Gefy2fjlIRIseYprP_eiejsJ8OkHWaoCXXxQlMTu3DBKW4BALRn3S9y/w72-h72-p-k-no-nu/nso.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:161 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9834f2bde632b419715af174d5de50cc8e35409b56d47a5e22d3c113de0828ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 160536
cf-polished: status=not_needed
x-forwarded-for: 195.112.95.126
content-disposition: inline;filename="nso.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3892
x-xss-protection: 0
expires: Sun, 26 Jun 2022 10:32:01 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v1b93"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UD%2BlvhhOPTDBZep7LtAlC%2FsgY4IXxiuGshHVhWRGnZWo3U2I8KPYIOouHPFnJOCy75ytQImlXq1Cctq%2B2xxsvI2W25ejZuW%2FNReD1pX2QIuKKYFOPzSxbtmi49opHtI962%2BekbNGnIHSj24YPqGs"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 721c58c67fa40e16-MXP
access-control-expose-headers: Content-Length

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 151ms
58ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1600644
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27938
timing-allow-origin: *
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DDvBF1xTvH%2BccCuiWFaI2khLmSRd0e1oNimj2XVmp8ZqKK2Yw4fQs20RDsoCglZZqIDB1Cbe9tPaSMAaOIjE6CiamNmN4Gr41fOg7mblUqcWxSIcXYFh9jrLJXE%2BKVygU5G4%2BlUCHKq68i7bXiORdO2h"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 721c58c7b9ab0219-ZRH
expires: Sat, 17 Jun 2023 07:07:37 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 146 KB
51 KB 153ms
65ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f4f0396a03ed8551502e15da4ce36719b36e9d600bc03f32b1093e70934f57b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51522
x-xss-protection: 0
server: cafe
etag: 8996487217953109911
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 27 Jun 2022 07:07:37 GMT

GET
H2 200 pb.37020.1652339691291.js Show response
cdn.adpushup.com/prebid/ 346 KB
104 KB 76ms
76ms Script
application/javascript 2606:4700:4400::ac40:99f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/37020/adpushup.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:99f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73f85b949987db91e6d2e4b11a8b5ee5ab0737277bcf2887724e9ce76d38f6fe

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 12 May 2022 07:15:28 GMT
server: cloudflare
age: 568655
etag: W/"627cb410-567d8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 721c58c78b5023df-ZRH
expires: Tue, 27 Jun 2023 07:07:37 GMT

GET
BLOB 200
OK 5716714f-7eb5-4794-9960-7efc0130b285
https://thehackernews.com/ 4 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://thehackernews.com/5716714f-7eb5-4794-9960-7efc0130b285
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41f36457d5ec5bd7d115c29bea53e0d1ff77de7418837ef39e897f3b7d497e8a

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Length: 3743

GET
H2 200 quantcast.js Show response
cdn.adpushup.com/pbuseridscripts/ 450 B
348 B 57ms
57ms Script
application/javascript 2606:4700:4400::ac40:99f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adpushup.com/pbuseridscripts/quantcast.js
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/37020/adpushup.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:99f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26914004d3a8d5ddde2202b642d7936eb61c9f195b5cd3c87e44ef8ad4d57c16

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 28 Jun 2021 04:15:23 GMT
server: cloudflare
age: 11753909
etag: W/"60d94cdb-1c2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 721c58c83ca723df-ZRH
expires: Tue, 27 Jun 2023 07:07:37 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 82 KB
28 KB 273ms
88ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/37020/adpushup.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

sffe /

Resource Hash

e2225748345f1572a7b8f7963a81a2a9e05ffb730231a38d3862db4dd59d7f09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28120
x-xss-protection: 0
server: sffe
etag: "1257 / 28 of 1000 / last-modified: 1656108433"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 27 Jun 2022 07:07:37 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 140 KB
39 KB 171ms
63ms Script
application/javascript 143.204.93.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/37020/adpushup.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.93.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-93-3.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fb513f6173396cc8dcef3ae1f88b0b8b11a1cd5b5e1142639c83e91c7ae26e08

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 27 Jun 2022 06:38:58 GMT
via: 1.1 a49c26e403f2dac09629dceb6dac5740.cloudfront.net (CloudFront), 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
last-modified: Thu, 09 Jun 2022 19:20:00 GMT
server: AmazonS3
age: 1720
etag: W/"915836bd4f06d8d29dfc0840694722ed"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-pop: FRA60-P1, FRA50-C1
content-encoding: gzip
x-amz-cf-id: 5YXZwfx1fVI-PZm8N5SRR5axffFCnKUGkYP2wvd4ry9gq3izjmqRNA==

GET
H2 200 sync
e3.adpushup.com/AdPushupFeedbackWebService/user/ 70 B
320 B 120ms
35ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/user/sync
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:37 GMT
ap-cookie-status: cookies ap_uid and ap_usid not set due to GDPR
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

GET
H2 200 testmode
e3.adpushup.com/AdPushupFeedbackWebService/feedback/ 70 B
131 B 119ms
36ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/feedback/testmode?data=eyJjcmVhdGVkVFMiOjE2NTYzMTM2NTc2MjAsInBhY2tldElkIjoiMDAwMDkwOUMtMGIxYzZkZWYtNTUwZS00YWIyLWE3NTQtNDk5ZjIxNjg3NmM4Iiwic2l0ZUlkIjozNzAyMCwic2l0ZURvbWFpbiI6Imh0dHBzOi8vdGhlaGFja2VybmV3cy5jb20vIiwidXJsIjoiaHR0cHM6Ly90aGVoYWNrZXJuZXdzLmNvbS8yMDIyLzA2L3JpZy1leHBsb2l0LWtpdC1ub3ctaW5mZWN0cy12aWN0aW1zLXBjcy5odG1sIiwibW9kZSI6NCwiZXJyb3JDb2RlIjowLCJyZWZlcnJlciI6IiIsInBhZ2VHcm91cCI6IlBPU1QiLCJwbGF0Zm9ybSI6IkRFU0tUT1AiLCJpc0dlbmllZSI6ZmFsc2UsInNlY3Rpb25zIjpudWxsfQ%3D%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:37 GMT
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

GET
H2 200 feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 70 B
131 B 119ms
36ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE2NTYzMTM2NTc2MjEsInBhY2tldElkIjoiMDAwMDkwOUMtMGIxYzZkZWYtNTUwZS00YWIyLWE3NTQtNDk5ZjIxNjg3NmM4Iiwic2l0ZUlkIjozNzAyMCwic2l0ZURvbWFpbiI6Imh0dHBzOi8vdGhlaGFja2VybmV3cy5jb20vIiwidXJsIjoiaHR0cHM6Ly90aGVoYWNrZXJuZXdzLmNvbS8yMDIyLzA2L3JpZy1leHBsb2l0LWtpdC1ub3ctaW5mZWN0cy12aWN0aW1zLXBjcy5odG1sIiwibW9kZSI6MiwiZXJyb3JDb2RlIjo3LCJyZWZlcnJlciI6IiIsInBhZ2VHcm91cCI6IlBPU1QiLCJwbGF0Zm9ybSI6IkRFU0tUT1AiLCJpc0dlbmllZSI6ZmFsc2UsInNlY3Rpb25zIjpudWxsfQ%3D%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:37 GMT
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

GET
H2 200 testmode
e3.adpushup.com/AdPushupFeedbackWebService/feedback/ 70 B
131 B 163ms
93ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/feedback/testmode?data=eyJjcmVhdGVkVFMiOjE2NTYzMTM2NTc2MjYsInBhY2tldElkIjoiMDAwMDkwOUMtMGIxYzZkZWYtNTUwZS00YWIyLWE3NTQtNDk5ZjIxNjg3NmM4Iiwic2l0ZUlkIjozNzAyMCwic2l0ZURvbWFpbiI6Imh0dHBzOi8vdGhlaGFja2VybmV3cy5jb20vIiwidXJsIjoiaHR0cHM6Ly90aGVoYWNrZXJuZXdzLmNvbS8yMDIyLzA2L3JpZy1leHBsb2l0LWtpdC1ub3ctaW5mZWN0cy12aWN0aW1zLXBjcy5odG1sIiwibW9kZSI6NSwiZXJyb3JDb2RlIjoxLCJyZWZlcnJlciI6IiIsInBhZ2VHcm91cCI6IlBPU1QiLCJwbGF0Zm9ybSI6IkRFU0tUT1AiLCJpc0dlbmllZSI6ZmFsc2UsInNlY3Rpb25zIjpudWxsfQ%3D%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:37 GMT
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

GET
H2 200 feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 70 B
131 B 104ms
37ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE2NTYzMTM2NTc2MjYsInBhY2tldElkIjoiMDAwMDkwOUMtMGIxYzZkZWYtNTUwZS00YWIyLWE3NTQtNDk5ZjIxNjg3NmM4Iiwic2l0ZUlkIjozNzAyMCwic2l0ZURvbWFpbiI6Imh0dHBzOi8vdGhlaGFja2VybmV3cy5jb20vIiwidXJsIjoiaHR0cHM6Ly90aGVoYWNrZXJuZXdzLmNvbS8yMDIyLzA2L3JpZy1leHBsb2l0LWtpdC1ub3ctaW5mZWN0cy12aWN0aW1zLXBjcy5odG1sIiwibW9kZSI6MSwiZXJyb3JDb2RlIjoxLCJyZWZlcnJlciI6IiIsInBhZ2VHcm91cCI6IlBPU1QiLCJwbGF0Zm9ybSI6IkRFU0tUT1AiLCJpc0dlbmllZSI6ZmFsc2UsInNlY3Rpb25zIjpbeyJzZWN0aW9uSWQiOiI5NjdlY2ZhZC1iZjZiLTQyOWUtOWEzOS05NzcwYzhiN2QxODgiLCJzZWN0aW9uTmFtZSI6IkFQX1RfUl9yZXNwb25zaXZlWHJlc3BvbnNpdmVfOTY3ZWMiLCJzdGF0dXMiOjEsIm5ldHdvcmsiOiJhZHBUYWdzIiwibmV0d29ya0FkVW5pdElkIjoiQURQXzM3MDIwX3Jlc3BvbnNpdmVYcmVzcG9uc2l2ZV85NjdlY2ZhZC1iZjZiLTQyOWUtOWEzOS05NzcwYzhiN2QxODgiLCJzZXJ2aWNlcyI6WzIsM10sImFkVW5pdFR5cGUiOjF9XX0%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:37 GMT
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206210101/ 339 KB
120 KB 203ms
94ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206210101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7983783048239650&plah=thehackernews.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8961878cce1987facfa14ded58441a22f9dd59704dc61d815f9019755f773bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122382
x-xss-protection: 0
server: cafe
etag: 1147026209603670345
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 27 Jun 2022 07:07:37 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220622/r20190131/ Frame BD77 10 KB
5 KB 256ms
54ms Document
text/html 2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220622/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

75a2067c9dff8e58ae83cdb8ee4fe896013966ac4e8f3f1d5e8a75f27c9a1ae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 36496
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4414
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Jun 2022 20:59:21 GMT
etag: 10429905676100781186
expires: Sun, 10 Jul 2022 20:59:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 206ms
42ms Script
application/javascript 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/pbuseridscripts/quantcast.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
content-encoding: gzip
etag: "u2JtyZzqnTXwzBUswy2r+w=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Mon, 04 Jul 2022 07:07:37 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 207ms
54ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthehackernews.com%2F&domain=thehackernews.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://thehackernews.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Mon, 27 Jun 2022 07:07:37 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 1136
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
2 KB 249ms
65ms XHR
application/json 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20220627

Requested by

Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

710d093c698933a1fc0346c407f2d71d4e2b6fb58cc594cd121c65bf707a7202

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 27 Jun 2022 07:07:38 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 14798
x-jsd-version: 1.0.1384
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19155-FRA, cache-iad-kiad7000096-IAD
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"66d-Cu/GVMfr/0Dqdmr9B68wejd3Joo"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=226OEQru4SOVyL%2Fbb0Zqi%2FirCLyKQk4juBip0IJ77Shf%2FSznbubfOOODkJZKQX9Hd%2BPALKSjXaNxkSzPyQ7%2FgzbQSz5CPK%2BpnzDTu17iAyBOCr%2BVywpi66WcPo2js5eLcBi1Rjzz9sZSlVWpP7Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 721c58ca7a92cc5a-ZRH
access-control-expose-headers: *

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthehackernews.com%2F&domain=thehackernews.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=q0EwpXxxNE9KcHJxY0p5c21pcVBEc0V2TVdmNE9qRzFhYklGQlVaWm92UEZaN3VISFZTY0doMmMwby83QjBDSTc3c3N2emRCVXVGN3JPTWlwZzgzeHZCVGs5UDh0Q3hCUnlzTkR5QXRjREVwcjBtQ3hEYldqSE0raTJYYk...

344 B
614 B

104ms
36ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=q0EwpXxxNE9KcHJxY0p5c21pcVBEc0V2TVdmNE9qRzFhYklGQlVaWm92UEZaN3VISFZTY0doMmMwby83QjBDSTc3c3N2emRCVXVGN3JPTWlwZzgzeHZCVGs5UDh0Q3hCUnlzTkR5QXRjREVwcjBtQ3hEYldqSE0raTJYYkE3dFNFZFZIeUpYS3JPV21QU1RGRFh1VW52NnJ4dWZHVlArWE1mdFNIdHVoc1IySlJBZ09yajdTL2o4STVqSXBNeXV5TmZDemNLOUFEV3Q0enBNeDdaNWFUZnJaMHVubTg2Z3U5Q1pJWkxLYmtQWGRnRE1vPXw&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

aa30e995c85f54393f61a3979b94bdda3c9a0882fe626502c98a9c4bf69ac2a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:37 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2674
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:37 GMT
location: https://mug.criteo.com/sid?cpp=q0EwpXxxNE9KcHJxY0p5c21pcVBEc0V2TVdmNE9qRzFhYklGQlVaWm92UEZaN3VISFZTY0doMmMwby83QjBDSTc3c3N2emRCVXVGN3JPTWlwZzgzeHZCVGs5UDh0Q3hCUnlzTkR5QXRjREVwcjBtQ3hEYldqSE0raTJYYkE3dFNFZFZIeUpYS3JPV21QU1RGRFh1VW52NnJ4dWZHVlArWE1mdFNIdHVoc1IySlJBZ09yajdTL2o4STVqSXBNeXV5TmZDemNLOUFEV3Q0enBNeDdaNWFUZnJaMHVubTg2Z3U5Q1pJWkxLYmtQWGRnRE1vPXw&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1430
content-length: 482
expires: 0

POST v1
dmx.districtm.io/b/ 0
0

POST
H2 200 adreq Show response
ads.servenobid.com/ 466 B
606 B 326ms
220ms XHR
application/json 63.35.4.196
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=9359
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.35.4.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-35-4-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ac18a7fd18fdefc3438e0034961c575d1bbfe6f1772742fdb7d66fe76b4ec04a

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 27 Jun 2022 07:07:38 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://thehackernews.com
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 24 B
522 B 155ms
46ms XHR
application/json 216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_4.43.0
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: 45ec82ebc637502ce6e9e20240df5a3dc83e5b02e16714179b15bc07302a0e85

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 27 Jun 2022 07:07:38 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://thehackernews.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 24

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
279 B 268ms
178ms XHR
text/plain 147.75.85.234
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.85.234 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://thehackernews.com
date: Mon, 27 Jun 2022 07:07:37 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 143
vary: origin, Accept-Encoding

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
881 B 181ms
106ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUPEPKI9
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: f951e337d8855ecb4b1edbff4fd7593442f5e0e4b64052c22bf9f6b5f98274b3

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:38 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 200 25 Show response
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ 213 B
399 B 180ms
37ms XHR
application/json 2a02:fa8:8806:13::1460
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a02:fa8:8806:13::1460 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: 89c027aa9e4fcb8869b7033a8ccd916200f90b12b84fa1ad5ce1d6d864ddd3e6

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:38 GMT
server: nginx
content-type: application/json
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache
access-control-allow-credentials: true
content-length: 213
expires: 0

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
219 B 142ms
36ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.43.0&cb=70202433077

Requested by

Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://thehackernews.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 139 B
836 B 147ms
38ms XHR
application/json 185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

45923d591de1250ed4cd9d46f3640bea0f056f8efc38cbbd06ecd35d0b5c51f3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 27 Jun 2022 07:07:38 GMT
X-Proxy-Origin: 217.138.196.107; 217.138.196.107; 717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 70ee7fa6-e20e-4600-ab65-f364b3abdd10
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://thehackernews.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 v2 Show response
i.connectad.io/api/ 0
328 B 252ms
108ms XHR
text/plain 2606:4700:10::6816:36ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://i.connectad.io/api/v2
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:36ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 27 Jun 2022 07:07:38 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, private
access-control-allow-credentials: true
cf-ray: 721c58cb0971cc56-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 173 B
405 B 221ms
44ms XHR
application/json 18.192.170.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.192.170.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-192-170-39.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: d39bdb9bdf2755506f5952405e4e641647ed4ca98df43fb72bc7fe8c18112732

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:38 GMT
content-encoding: gzip
x-prebid: pbs-java/1.91.0
content-type: application/json
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 169
expires: 0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 284 B
1 KB 312ms
114ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=20616&site_id=332834&zone_id=1745264&size_id=15&alt_size_ids=2%2C1%2C13%2C14%2C16%2C19%2C43%2C44%2C117&rp_schain=1.0,1!adpushup.com,aeb138a66c47c1d438a8907993e81712,1,,,&eid_pubcid.org=d5f9ed2b-5448-4775-822f-d3d8926d4e63%5E1&rf=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&tk_flint=pbjs_lite_v4.43.0&x_source.tid=9928ceca-c3f6-493b-baa2-614fe6de876f&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.13758683959761075
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 87441230bee08b4c3c704d897321976bd45c42500330d653a9867f952f3cb666

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 27 Jun 2022 07:07:38 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://thehackernews.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 284
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
114 B 154ms
41ms XHR
text/plain 35.156.141.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.141.29 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-156-141-29.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://thehackernews.com
date: Mon, 27 Jun 2022 07:07:38 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
114 B 159ms
46ms XHR
text/plain 35.156.141.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.141.29 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-156-141-29.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://thehackernews.com
date: Mon, 27 Jun 2022 07:07:38 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
114 B 153ms
41ms XHR
text/plain 35.156.141.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.141.29 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-156-141-29.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://thehackernews.com
date: Mon, 27 Jun 2022 07:07:38 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
115 B 151ms
40ms XHR
text/plain 35.156.141.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.141.29 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-156-141-29.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://thehackernews.com
date: Mon, 27 Jun 2022 07:07:38 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
364 B 157ms
42ms XHR
application/json 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://thehackernews.com
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

GET
H2 200 arj Show response
adpushup-d.openx.net/w/1.0/ 73 B
381 B 133ms
37ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adpushup-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=4e33e578-a3e3-44f9-8d34-1910bd1a24a5&nocache=1656313657900&pubcid=d5f9ed2b-5448-4775-822f-d3d8926d4e63&schain=1.0%2C1!adpushup.com%2Caeb138a66c47c1d438a8907993e81712%2C1%2C%2C%2C&aus=730x290%2C728x280%2C728x250%2C728x90%2C690x90%2C690x250%2C690x280%2C675x90%2C675x280%2C675x250%2C670x90%2C670x280%2C670x250%2C650x90%2C650x280%2C650x250%2C650x150%2C630x90%2C630x280%2C630x250%2C602x100%2C600x90%2C600x280%2C600x250%2C580x90%2C570x90%2C550x150%2C468x60%2C336x280%2C320x50%2C320x100%2C300x50%2C300x100%2C300x75%2C300x250%2C250x250%2C200x200&divids=ADP_37020_responsivexresponsive_00000001-dff37fe9-622d-498e-965b-cb33553102ff&aucs=&auid=541218336
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/7f1e280 /
Resource Hash: 077e436b2bd9a3f6b9e1206276ff987021a9a13d6c44ef709e2883c2265ac05c

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:38 GMT
content-encoding: gzip
server: OXGW/7f1e280
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://thehackernews.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 50 B
746 B 129ms
37ms XHR
application/json 185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 27 Jun 2022 07:07:38 GMT
X-Proxy-Origin: 217.138.196.107; 217.138.196.107; 717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: bc5d6419-4e91-4202-a7ef-06f3cb8ba1ae
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://thehackernews.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 50
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 bid-request Show response
a.teads.tv/hb/ 16 B
249 B 341ms
174ms XHR
application/json 2.18.232.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/hb/bid-request
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.7 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-7.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:38 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://thehackernews.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 42
expires: Mon, 27 Jun 2022 07:07:38 GMT

POST translator
hbopenbid.pubmatic.com/ 0
0

GET
H2 204 prebid Show response
ads.yieldmo.com/exchange/ 0
226 B 189ms
48ms XHR
text/plain 52.30.242.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.yieldmo.com/exchange/prebid?pbav=4.43.0&p=%5B%7B%22placement_id%22%3A%22ADP_37020_responsivexresponsive_00000001-dff37fe9-622d-498e-965b-cb33553102ff%22%2C%22callback_id%22%3A%2252e78a16123dc8b%22%2C%22sizes%22%3A%5B%5B730%2C290%5D%2C%5B728%2C280%5D%2C%5B728%2C250%5D%2C%5B728%2C90%5D%2C%5B690%2C90%5D%2C%5B690%2C250%5D%2C%5B690%2C280%5D%2C%5B675%2C90%5D%2C%5B675%2C280%5D%2C%5B675%2C250%5D%2C%5B670%2C90%5D%2C%5B670%2C280%5D%2C%5B670%2C250%5D%2C%5B650%2C90%5D%2C%5B650%2C280%5D%2C%5B650%2C250%5D%2C%5B650%2C150%5D%2C%5B630%2C90%5D%2C%5B630%2C280%5D%2C%5B630%2C250%5D%2C%5B602%2C100%5D%2C%5B600%2C90%5D%2C%5B600%2C280%5D%2C%5B600%2C250%5D%2C%5B580%2C90%5D%2C%5B570%2C90%5D%2C%5B550%2C150%5D%2C%5B468%2C60%5D%2C%5B336%2C280%5D%2C%5B320%2C50%5D%2C%5B320%2C100%5D%2C%5B300%2C50%5D%2C%5B300%2C100%5D%2C%5B300%2C75%5D%2C%5B300%2C250%5D%2C%5B250%2C250%5D%2C%5B200%2C200%5D%5D%2C%22ym_placement_id%22%3A%222743550009650651584%22%7D%5D&page_url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&bust=1656313657944&pr=&scrd=1&dnt=false&description=RIG%20Exploit%20Kit%20replaces%20Raccoon%20stealer%20trojan%20with%20Dridex%20financial%20malware%20after%20one%20of%20its%20developers%20was%20killed%20in%20the%20Russian-Ukrainian%20war.&title=RIG%20Exploit%20Kit%20Now%20Infects%20Victims%27%20PCs%20With%20Dridex%20Instead%20of%20Raccoon%20Stealer&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=&pubcid=d5f9ed2b-5448-4775-822f-d3d8926d4e63&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adpushup.com%22%2C%22sid%22%3A%22aeb138a66c47c1d438a8907993e81712%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.242.212 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-242-212.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://thehackernews.com
pragma: no-cache
date: Mon, 27 Jun 2022 07:07:38 GMT
access-control-allow-credentials: true
x-robots-tag: none,NOINDEX,NOFOLLOW
access-control-allow-methods: POST, GET, OPTIONS
access-control-request-headers: Cache-Control, Pragma

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
304 B 137ms
136ms XHR
text/plain 143.204.93.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fthehackernews.com&pubid=2e7e1587-d92f-46dd-8721-80b53eccb87e
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.93.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-93-3.fra50.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:37 GMT
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
access-control-allow-origin: https://thehackernews.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: 8bszdIOXQtUzAcOw7NYyLE04K06SKt_CVktc9b7RuclHNZ5IIktwCg==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
493 B 87ms
85ms XHR
text/javascript 143.204.93.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&pid=OVhsdM64Va6TY&cb=0&ws=1600x1200&v=8.0.1&t=3000&slots=%5B%7B%22sd%22%3A%22ADP_37020_responsivexresponsive_00000001-dff37fe9-622d-498e-965b-cb33553102ff%22%2C%22s%22%3A%5B%22730x290%22%2C%22728x280%22%2C%22728x250%22%2C%22728x90%22%2C%22690x90%22%2C%22690x250%22%2C%22690x280%22%2C%22675x90%22%2C%22675x280%22%2C%22675x250%22%2C%22670x90%22%2C%22670x280%22%2C%22670x250%22%2C%22650x90%22%2C%22650x280%22%2C%22650x250%22%2C%22650x150%22%2C%22630x90%22%2C%22630x280%22%2C%22630x250%22%2C%22602x100%22%2C%22600x90%22%2C%22600x280%22%2C%22600x250%22%2C%22580x90%22%2C%22570x90%22%2C%22550x150%22%2C%22468x60%22%2C%22336x280%22%2C%22320x50%22%2C%22320x100%22%2C%22300x50%22%2C%22300x100%22%2C%22300x75%22%2C%22300x250%22%2C%22250x250%22%2C%22200x200%22%5D%2C%22sn%22%3A%22%2F103512698%2F22055424785%22%7D%5D&schain=1.0%2C1!adpushup.com%2Caeb138a66c47c1d438a8907993e81712%2C1%2C%2C%2C&pubid=2e7e1587-d92f-46dd-8721-80b53eccb87e&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.93.3 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-93-3.fra50.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:38 GMT
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA50-C1
x-amz-rid: 6Q1A3EC51WQTV9RJWQWZ
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://thehackernews.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: 6l6O_G3Mj_JtDMcnQyeugDQs1AJmsXiLwdCNS3oFDQmaxUsd8D_8GQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 124ms
41ms XHR
application/javascript 143.204.93.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.93.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-93-3.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

x-amz-version-id: V0pVBg0mlfLR15rr7Wd2OdbBwvWb7BSE
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 1808
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Thu, 16 Jun 2022 07:15:00 GMT
server: AmazonS3
date: Mon, 27 Jun 2022 07:04:17 GMT
vary: Accept-Encoding,Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: ivJYd5-W-NfmBOzYSd3xtjRkxzdwwQRX1yVHFC0ZlvtY2g51_dsC5Q==

GET
H3 200 pubads_impl_2022062101.js Show response
securepubads.g.doubleclick.net/gpt/ 372 KB
126 KB 137ms
41ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

sffe /

Resource Hash

b75b3b21ae775a45091f0e3bf542ad86aa9b243dc2d6548d85090c79a1ccf68b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 06:02:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3891
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 129096
x-xss-protection: 0
last-modified: Tue, 21 Jun 2022 08:34:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 27 Jun 2023 06:02:47 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 164 B
138 B 145ms
53ms XHR
application/json 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=thehackernews.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

019d22d3e70ec460a085db138f131a9d77cb25175dd7eecb155305c270ed221c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 27 Jun 2022 07:07:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
expires: Mon, 27 Jun 2022 07:07:38 GMT

GET
H2 200 rules-p-54Nt-1NAaEEe0.js Show response
rules.quantcount.com/ 2 B
344 B 136ms
40ms Script
application/javascript 2600:9000:2156:2200:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-54Nt-1NAaEEe0.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 06:57:42 GMT
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
server: AmazonS3
age: 595
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA50-C1
content-length: 2
x-amz-cf-id: 2wySnrKG8vYyX8ggsZsUHau7iLRi2AhEV7C2pLE8FoCzJrl0VlATag==

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 221 B
649 B 140ms
49ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=thehackernews.com&callback=_gfp_s_&client=ca-pub-7983783048239650

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206210101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7983783048239650&plah=thehackernews.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b4a73cef58d578f829aea292dfe05501c53f2598551853f0655222890274caf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
792 B 156ms
49ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=thehackernews.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 27 Jun 2022 07:07:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 140ms
48ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=thehackernews.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 27 Jun 2022 07:07:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0EE0 67 KB
27 KB 859ms
749ms Document
text/html 2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1656283406&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656313657718&bpp=5&bdt=828&idt=325&shv=r20220622&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&correlator=2462490803585&frm=20&pv=2&ga_vid=633798284.1656313658&ga_sid=1656313658&ga_hid=2003236339&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761793&oid=2&pvsid=438245539072583&tmod=1062587049&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=JV9fvl4EZK&p=https%3A//thehackernews.com&dtd=344

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9199f15f4d45217b5ba9c06b1a9a2c68e3d3c15961c598d82000d2aeb920aaf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 27841
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 07:07:38 GMT
expires: Mon, 27 Jun 2022 07:07:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 139ms
56ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220622&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0899916faab8eec429860e604f0112abda9945f3d95ce71404544f915b2b3d46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 27 Jun 2022 07:07:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10649
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1A35 68 KB
27 KB 607ms
519ms Document
text/html 2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=600&slotname=1415611493&adk=2877078529&adf=3546401298&pi=t.ma~as.1415611493&w=300&fwrn=4&fwrnh=100&lmt=1656283406&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656313657723&bpp=2&bdt=833&idt=357&shv=r20220622&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=2462490803585&frm=20&pv=1&ga_vid=633798284.1656313658&ga_sid=1656313658&ga_hid=2003236339&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761793&oid=2&pvsid=438245539072583&tmod=1062587049&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=GejRhJKddK&p=https%3A//thehackernews.com&dtd=362

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b796b9cb729c2d6e7f3716f37d32763c6d6bce51be65d9082f49a0845f2adc6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 27987
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 07:07:38 GMT
expires: Mon, 27 Jun 2022 07:07:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 136B 92 KB
32 KB 481ms
405ms Document
text/html 2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656283406&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656313657725&bpp=2&bdt=835&idt=369&shv=r20220622&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=2462490803585&frm=20&pv=1&ga_vid=633798284.1656313658&ga_sid=1656313658&ga_hid=2003236339&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3096&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761793&oid=2&pvsid=438245539072583&tmod=1062587049&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Pct71FVWtc&p=https%3A//thehackernews.com&dtd=372

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

451590728e7ef03fcf9e42836867a517221c5c824e1a5c8f4a2dbc88bcfd0275

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 33162
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 07:07:38 GMT
expires: Mon, 27 Jun 2022 07:07:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 22E5 164 KB
43 KB 547ms
483ms Document
text/html 2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&adk=1812271804&adf=3025194257&lmt=1656283406&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656313657744&bpp=1&bdt=854&idt=358&shv=r20220622&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600%2C970x250&nras=1&correlator=2462490803585&frm=20&pv=1&ga_vid=633798284.1656313658&ga_sid=1656313658&ga_hid=2003236339&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761793&oid=2&pvsid=438245539072583&tmod=1062587049&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=364

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05aa2b31f514dde2221f41a1030345005a344cba719a2e16b79c0a0962390bc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 43709
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 07:07:38 GMT
expires: Mon, 27 Jun 2022 07:07:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel;r=445766422;rf=0;a=p-54Nt-1NAaEEe0;url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387...
pixel.quantserve.com/ 35 B
372 B 56ms
47ms Image
image/gif 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=445766422;rf=0;a=p-54Nt-1NAaEEe0;url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d67ea6;uht=2;fpan=1;fpa=P0-1367536571-1656313658173;pbc=d5f9ed2b-5448-4775-822f-d3d8926d4e63;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;ref=;d=thehackernews.com;je=0;sr=1600x1200x24;dst=0;et=1656313658173;tzo=0;ogl=site_name.The%20Hacker%20News%2Clocale.en_US%2Ctype.article%2Ctitle.RIG%20Exploit%20Kit%20Now%20Infects%20Victims'%20PCs%20With%20Dridex%20Instead%20of%20Raccoon%20Stealer%2Cimage.https%3A%2F%2Fthehackernews%252Ecom%2Fnew-images%2Fimg%2Fb%2FR29vZ2xl%2FAVvXsEj2wZ2WigbmeeiVSmTQ4-67%2Cdescription.RIG%20Exploit%20Kit%20replaces%20Raccoon%20stealer%20trojan%20with%20Dridex%20financial%20malware%20af%2Curl.https%3A%2F%2Fthehackernews%252Ecom%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs%252Ehtml

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:38 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 110ms
35ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Mon, 27 Jun 2022 07:07:37 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 1151
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 154ms
61ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 27 Jun 2022 07:07:38 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A7B7 13 KB
5 KB 126ms
41ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 12641
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 03:36:57 GMT
expires: Tue, 27 Jun 2023 03:36:57 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E643 783 B
1 KB 140ms
50ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f29d89be4c30c2bbd4241659e128a38aa1630da30b002c0a1f107c7bf27d1e2c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-CCHvW-QIWWQ3Xt93ZWt49A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 515
content-security-policy: script-src 'report-sample' 'nonce-CCHvW-QIWWQ3Xt93ZWt49A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 07:07:38 GMT
expires: Mon, 27 Jun 2022 07:07:38 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js Show response
pagead2.googlesyndication.com/bg/ Frame A7B7 35 KB
13 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c22409172c05d9c78dc290c92c8a6b8487378b6f82f26604b478a566bda9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sun, 26 Jun 2022 22:28:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31147
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13719
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 26 Jun 2023 22:28:31 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E643 0
0 106ms
105ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220622&jk=438245539072583&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H2 200 fa287546e1d5bd0678894d5c227e456c.js Show response
www.gstatic.com/mysidia/ Frame 136B 10 KB
5 KB 134ms
41ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fa287546e1d5bd0678894d5c227e456c.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656283406&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656313657725&bpp=2&bdt=835&idt=369&shv=r20220622&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=2462490803585&frm=20&pv=1&ga_vid=633798284.1656313658&ga_sid=1656313658&ga_hid=2003236339&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3096&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761793&oid=2&pvsid=438245539072583&tmod=1062587049&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Pct71FVWtc&p=https%3A//thehackernews.com&dtd=372

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd49219477a365773f010355db7e75d2430693594965a28d835d7c579536948f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 00:38:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 368927
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4351
x-xss-protection: 0
last-modified: Tue, 21 Jun 2022 18:51:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 21 Sep 2022 00:38:51 GMT

GET
H2 200 db2e47a9a3671f527cf86ca9ac22fc67.js Show response
www.gstatic.com/mysidia/ Frame 136B 10 KB
4 KB 136ms
44ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/db2e47a9a3671f527cf86ca9ac22fc67.js?tag=text/vanilla_highlight

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3fbe67fed994d974916f80939f43e83889b033b3a565f349f26255620037a4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 04:33:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 354861
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4277
x-xss-protection: 0
last-modified: Tue, 21 Jun 2022 18:51:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 21 Sep 2022 04:33:17 GMT

GET
H2 200 74ef8cb7c81a147b0078185476199165.js Show response
www.gstatic.com/mysidia/ Frame 136B 18 KB
7 KB 139ms
47ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/74ef8cb7c81a147b0078185476199165.js?tag=pingback

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d8e6138c7cf0944d755a4757f5c2b3803ede310e05af81ff90d4fe98bb6c4d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 01:02:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 367493
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7278
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 00:04:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 21 Sep 2022 01:02:45 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 136B 8 KB
1 KB 141ms
49ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 06:08:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 27 Jun 2022 07:07:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 27 Jun 2022 07:07:38 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame 136B 2 KB
904 B 57ms
56ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 03:33:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12841
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 03:33:37 GMT

GET
H2 200 a44a0b8f447061e92ca19622c4392a02.js Show response
www.gstatic.com/mysidia/ Frame 136B 6 KB
2 KB 145ms
53ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a44a0b8f447061e92ca19622c4392a02.js?tag=analytics_pingback_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa3777d578531c63cb5b48a28d1f0135a9769ca2ee44ae916aadb341089140e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 12:56:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 583892
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2233
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 22:50:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 18 Sep 2022 12:56:06 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/ Frame 136B 21 KB
9 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2cba1141d784827ad237feecdcb29cd406098a38f720d8b204197cfef9a0f6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 05:42:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5134
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8706
x-xss-protection: 0
server: cafe
etag: 11173422395264295734
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 05:42:04 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame 136B 3 KB
1 KB 57ms
56ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:06:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 07:06:58 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 136B 137 KB
43 KB 150ms
62ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e11546a93f99f4b0b79d7e9a993b8f0a9a239fb1e101810738f3bff890ba549

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43180
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1655912982481896"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 27 Jun 2022 07:07:38 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame 136B 17 KB
7 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

92cc22507e69f2baa9a37f4dd7767bad45f4531a1667fd8cfb0665dd7bfd52d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 06:17:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7350
x-xss-protection: 0
server: cafe
etag: 4581267900612465077
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 06:17:38 GMT

GET
H3 200 21b2dfe42abab24529e209ac1efa07c6.js Show response
www.gstatic.com/mysidia/ Frame 136B 31 KB
13 KB 131ms
48ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/21b2dfe42abab24529e209ac1efa07c6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b97d2c98f8bac4ee72d075d577db22903f83ae9a2742b9caef94f0842b459348

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 00:44:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 368580
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13060
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 00:04:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 21 Sep 2022 00:44:38 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A7B7 0
9 B 42ms
42ms Image
text/plain 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?5NXAFQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206210101/ 149 KB
53 KB 64ms
63ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206210101/reactive_library_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00f028d9f3a2d7eb15eaa043cc86a4ec039dd0b7d842a8e292e37cd4c7b4c869

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54405
x-xss-protection: 0
server: cafe
etag: 12649750563650327531
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Jun 2022 07:07:38 GMT

GET
H3 200 12240756394957173862
tpc.googlesyndication.com/simgad/ Frame 1A35 57 KB
57 KB 42ms
42ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12240756394957173862?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnUtxfoIFfVXR4S_KdsgWZzqMkOfg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=600&slotname=1415611493&adk=2877078529&adf=3546401298&pi=t.ma~as.1415611493&w=300&fwrn=4&fwrnh=100&lmt=1656283406&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656313657723&bpp=2&bdt=833&idt=357&shv=r20220622&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=2462490803585&frm=20&pv=1&ga_vid=633798284.1656313658&ga_sid=1656313658&ga_hid=2003236339&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761793&oid=2&pvsid=438245539072583&tmod=1062587049&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=GejRhJKddK&p=https%3A//thehackernews.com&dtd=362

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8118c5f09297cbd32853cbc9fae0c56602988574957dfe3fc032c4441631060

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 15:26:47 GMT
x-content-type-options: nosniff
age: 574851
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58631
x-xss-protection: 0
last-modified: Thu, 02 Jun 2022 22:11:41 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 20 Jun 2023 15:26:47 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/ Frame 1A35 21 KB
8 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:05:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 18116328616323621410
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 07:05:51 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame 1A35 3 KB
1 KB 63ms
63ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:02:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 325
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 07:02:13 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1A35 137 KB
42 KB 102ms
101ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e11546a93f99f4b0b79d7e9a993b8f0a9a239fb1e101810738f3bff890ba549

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43180
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1655912982481896"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 27 Jun 2022 07:07:38 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame 1A35 17 KB
7 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:00:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 455
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 07:00:03 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 1A35 0
0 103ms
103ms Fetch
text/html 2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CdyJ3Ole5YpT5DYrGtweM1o2YBq2a_uJq1oH466AQzc_b_uogEAEg5_vlG2C7hoCA0AqgAZKZq_wCyAECqAMByAPJBKoEjAJP0Io8aCEJsCPmf2zfObPeAThv7DYLZr7TlFTwquXQnt2OHlLC2-fZd1tfbFP1AyDK6MvAe0oSgBPp_rftLmjneVfAC3fStkUT9cQEGAkqllZXroctOxXlE-dA9imTh9KAcYI5D6fNGCfd425pV9s8m60Y3fuPGMSi_U9ndJAD8uLJDF2g1jhYNvfLNZVXNSoYZxFhXoTnbQdY0cMY208p0avJeobMk-YK-6ddi8oLd5VgzVegEryRhYxhEkgqaXzuIM-24CMdLcsNuoRzeCJeKdE2FEtIFaIyiGy-YJTSg5nLz61dku8xsOwO4oFsVHHDdjuS0S3jrXDJ_3usyysivvtDEix2Zd97OFsdwATbu8T-_wOSBQQIBBgBkgUECAUYBKAGAoAH1ubUgwGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCElFTSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi03OTgzNzgzMDQ4MjM5NjUwGAA&sigh=dYREpnBwerY&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=600&slotname=1415611493&adk=2877078529&adf=3546401298&pi=t.ma~as.1415611493&w=300&fwrn=4&fwrnh=100&lmt=1656283406&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656313657723&bpp=2&bdt=833&idt=357&shv=r20220622&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=2462490803585&frm=20&pv=1&ga_vid=633798284.1656313658&ga_sid=1656313658&ga_hid=2003236339&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761793&oid=2&pvsid=438245539072583&tmod=1062587049&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=GejRhJKddK&p=https%3A//thehackernews.com&dtd=362
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 27 Jun 2022 07:07:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 27 Jun 2022 07:07:38 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame 1A35 31 KB
13 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b87ba9f38a8905c569f57b2e7f262a904383984fb76af355216f2cd31e856a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 05:37:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5414
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12977
x-xss-protection: 0
server: cafe
etag: 4929431275013645188
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 05:37:24 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 136B 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/74ef8cb7c81a147b0078185476199165.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 136B 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/74ef8cb7c81a147b0078185476199165.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 136B 0
20 B 74ms
74ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/74ef8cb7c81a147b0078185476199165.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 136B 0
20 B 76ms
76ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/74ef8cb7c81a147b0078185476199165.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 136B 0
20 B 74ms
74ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/74ef8cb7c81a147b0078185476199165.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 136B 0
20 B 76ms
75ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/74ef8cb7c81a147b0078185476199165.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 136B 0
20 B 75ms
73ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/74ef8cb7c81a147b0078185476199165.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 136B 0
0 102ms
101ms Fetch
text/html 2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CeXQfOle5YrPgDYmMtwfb9Kd42e6hpmrO-4PV5w_2i8q9oRkQASDn--UbYLuGgIDQCqAB996wjQPIAQGoAwHIA8sEqgSEAk_QBGAVZc5CMKUGyQaqjXjxfUr5X_WWRWyIMVmut2SgfPul3Rps9w8kKUCNetjjHPap2pB9u0Z8eUxS28il1miwLgahUULDKzrTnLJ9pjcNf5S-KlAJbBmgUevpflGRLJCI62ceMh-wEsQ3LDzFrCSZGHGB77VBIQWgAtuLr-zl4UNy0aWFFfwbVthxYec6NdoIX_qh5Uo6UX8PE10LVET4k4xC69ZiDjFYfRkgEQmr-hjFAXNcvThJkGYBVprrcLWB-E2rqqJ5oqtE32frePBUCQ4S0sgi7Stkqsk0Ps_jMGljHdeGvK64DwqC3IAMZHCIrzU5s_UT4qL6Iklw9-gnoM6RwATdlcrh-AOSBQQIBBgBkgUECAUYBIAH8aDPcqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEOuhXdIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMNiBQB0BUBmBYBgBcBshccChoIABIUcHViLTc5ODM3ODMwNDgyMzk2NTAYAA&sigh=3V_igQmFHAo&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656283406&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656313657725&bpp=2&bdt=835&idt=369&shv=r20220622&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=2462490803585&frm=20&pv=1&ga_vid=633798284.1656313658&ga_sid=1656313658&ga_hid=2003236339&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3096&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761793&oid=2&pvsid=438245539072583&tmod=1062587049&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Pct71FVWtc&p=https%3A//thehackernews.com&dtd=372
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 27 Jun 2022 07:07:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 27 Jun 2022 07:07:38 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8FA7 143 B
163 B 54ms
53ms Document
text/html 2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1656283406&rafmt=12&psa=0&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656313657725&bpp=2&bdt=835&idt=369&shv=r20220622&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C300x600&correlator=2462490803585&frm=20&pv=1&ga_vid=633798284.1656313658&ga_sid=1656313658&ga_hid=2003236339&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3096&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761793&oid=2&pvsid=438245539072583&tmod=1062587049&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Pct71FVWtc&p=https%3A//thehackernews.com&dtd=372
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 2602
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Mon, 27 Jun 2022 06:24:16 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame FC8E 143 B
163 B 59ms
54ms Document
text/html 2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=600&slotname=1415611493&adk=2877078529&adf=3546401298&pi=t.ma~as.1415611493&w=300&fwrn=4&fwrnh=100&lmt=1656283406&rafmt=1&psa=0&format=300x600&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656313657723&bpp=2&bdt=833&idt=357&shv=r20220622&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=2462490803585&frm=20&pv=1&ga_vid=633798284.1656313658&ga_sid=1656313658&ga_hid=2003236339&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761793&oid=2&pvsid=438245539072583&tmod=1062587049&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=GejRhJKddK&p=https%3A//thehackernews.com&dtd=362
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 2602
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Mon, 27 Jun 2022 06:24:16 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
122 B 180ms
70ms Script
application/javascript 2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=thehackernews.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 27 Jun 2022 07:07:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 135ms
49ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=thehackernews.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 27 Jun 2022 07:07:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220622/r20110914/ Frame 8417 10 KB
4 KB 66ms
65ms Document
text/html 2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220622/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

75a2067c9dff8e58ae83cdb8ee4fe896013966ac4e8f3f1d5e8a75f27c9a1ae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 25727
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4414
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Jun 2022 23:58:51 GMT
etag: 10429905676100781186
expires: Sun, 10 Jul 2022 23:58:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 136B 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dd170cf2c227290a307f2f3ddf6565df1c7df35f19279e55bc0cf3d1c9e596dc

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 136B 0
20 B 85ms
84ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/74ef8cb7c81a147b0078185476199165.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 1A35 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 430616bb058bbd9355767fef759da525bbfc256460337fe73377e6584b039057

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 5221416263494655517
tpc.googlesyndication.com/simgad/ Frame 0EE0 24 KB
24 KB 42ms
42ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5221416263494655517?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qna24CuZHmT6zEremT6nNGxjG_S8Q

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1656283406&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656313657718&bpp=5&bdt=828&idt=325&shv=r20220622&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&correlator=2462490803585&frm=20&pv=2&ga_vid=633798284.1656313658&ga_sid=1656313658&ga_hid=2003236339&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761793&oid=2&pvsid=438245539072583&tmod=1062587049&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=JV9fvl4EZK&p=https%3A//thehackernews.com&dtd=344

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e14a8d7acd57fba2eee8db28de82e10957fa2d6e7b7296f3aa478a0895a200d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 03:22:43 GMT
x-content-type-options: nosniff
age: 359096
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24925
x-xss-protection: 0
last-modified: Tue, 17 Aug 2021 18:45:03 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 23 Jun 2023 03:22:43 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/ Frame 0EE0 21 KB
8 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:05:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 18116328616323621410
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 07:05:51 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame 0EE0 3 KB
1 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:02:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 326
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 07:02:13 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0EE0 137 KB
42 KB 160ms
70ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e11546a93f99f4b0b79d7e9a993b8f0a9a239fb1e101810738f3bff890ba549

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43180
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1655912982481896"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 27 Jun 2022 07:07:39 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame 0EE0 17 KB
7 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:00:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 456
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 07:00:03 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame 0EE0 31 KB
13 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b87ba9f38a8905c569f57b2e7f262a904383984fb76af355216f2cd31e856a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 05:37:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5415
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12977
x-xss-protection: 0
server: cafe
etag: 4929431275013645188
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 05:37:24 GMT

GET
H3 200 css2
fonts.googleapis.com/ Frame 8417 4 KB
636 B 136ms
50ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220622/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 05:09:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 27 Jun 2022 07:07:39 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 27 Jun 2022 07:07:39 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 8417 205 B
229 B 42ms
42ms Image
image/png 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220622/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sun, 26 Jun 2022 21:31:42 GMT
x-content-type-options: nosniff
age: 34557
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 26 Jun 2023 21:31:42 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 8417 604 B
628 B 43ms
42ms Image
image/png 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220622/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 06:34:42 GMT
x-content-type-options: nosniff
age: 1977
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 27 Jun 2023 06:34:42 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/elements/html/ Frame 8417 19 KB
8 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220622/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ae2e1dc0161fa05e80b225682868a9bfbab08c503b2429f06339d4487f160ac2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 06:55:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 726
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8263
x-xss-protection: 0
server: cafe
etag: 17157773748623750166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 06:55:33 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8FA7
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

71ms
70ms

Document
text/html

2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 27 Jun 2022 07:07:39 GMT
expires: Mon, 27 Jun 2022 07:07:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 27 Jun 2022 07:07:39 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame FC8E
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

108ms
108ms

Document
text/html

2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 27 Jun 2022 07:07:39 GMT
expires: Mon, 27 Jun 2022 07:07:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 27 Jun 2022 07:07:39 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0EE0 0
0 97ms
97ms Fetch
text/html 2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CdpDWOle5YrCwDeC49u8Pu7CNoArxir62aomLrdb9D5CPqPhnEAEg5_vlG2C7hoCA0AqgAbOosvsByAECqAMByAPJBKoEgwJP0HeTxBYl4koYJdCwHLryIrO7cGvY5aaqwyJP9ElyquZqlRvfTHbGgHfq9GbZcIQyIF5z_IOn6Hdk4gmfGOpoIW2krKSm_xsPH-MV31LgoeUUC5le5cYih-9DNNjwnLgfb_Hb_NEqEjF4874qsP2agiL6a3NbemGhM9zoGXvpLGAgDaf3m3JaSmUwSojDLH_8e7qZqBDAC8HKiuTiP689hu5fln7VJVidbKThgcLoLDrMqvenzD16R7AJrgo4_VMtpP_BoD3dw_LfE40LZ27WhgsUoE81s7W_klkZuRY0MvDlUpbGXPq6D5ZGfVjvQc3W7DfF4FlSvK-O3lG7p1RT10kAwAT18vfb7AOSBQQIBBgBkgUECAUYBKAGAoAHtdfNhAKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDVsVXSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi03OTgzNzgzMDQ4MjM5NjUwGAA&sigh=YOMJ2a5d-Nc&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1656283406&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656313657718&bpp=5&bdt=828&idt=325&shv=r20220622&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&correlator=2462490803585&frm=20&pv=2&ga_vid=633798284.1656313658&ga_sid=1656313658&ga_hid=2003236339&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761793&oid=2&pvsid=438245539072583&tmod=1062587049&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=JV9fvl4EZK&p=https%3A//thehackernews.com&dtd=344
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 27 Jun 2022 07:07:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js Show response
pagead2.googlesyndication.com/bg/ Frame 10DA 35 KB
13 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c22409172c05d9c78dc290c92c8a6b8487378b6f82f26604b478a566bda9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sun, 26 Jun 2022 22:28:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31148
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13719
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 26 Jun 2023 22:28:31 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 9D48 143 B
163 B 54ms
54ms Document
text/html 2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1656283406&rafmt=3&psa=0&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656313657718&bpp=5&bdt=828&idt=325&shv=r20220622&mjsv=m202206210101&ptt=9&saldr=aa&abxe=1&correlator=2462490803585&frm=20&pv=2&ga_vid=633798284.1656313658&ga_sid=1656313658&ga_hid=2003236339&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44761793&oid=2&pvsid=438245539072583&tmod=1062587049&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=JV9fvl4EZK&p=https%3A//thehackernews.com&dtd=344
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 2603
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Mon, 27 Jun 2022 06:24:16 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 9D48
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

90ms
89ms

Document
text/html

2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 27 Jun 2022 07:07:39 GMT
expires: Mon, 27 Jun 2022 07:07:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 27 Jun 2022 07:07:39 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 528A 8 KB
893 B 51ms
50ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220622/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 06:08:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 27 Jun 2022 07:07:39 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 27 Jun 2022 07:07:39 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame 528A 2 KB
911 B 41ms
41ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220622/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 06:59:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 490
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 06:59:29 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/ Frame 528A 21 KB
8 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220622/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:05:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 18116328616323621410
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 07:05:51 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame 528A 3 KB
1 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220622/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:02:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 326
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 07:02:13 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 528A 137 KB
42 KB 72ms
72ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220622/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e11546a93f99f4b0b79d7e9a993b8f0a9a239fb1e101810738f3bff890ba549

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43180
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1655912982481896"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 27 Jun 2022 07:07:39 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame 528A 17 KB
7 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220622/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:00:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 456
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 07:00:03 GMT

GET
H3 200 10f77a9ed5e9dbc13462adf17b625271.js Show response
www.gstatic.com/mysidia/ Frame 528A 31 KB
13 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/10f77a9ed5e9dbc13462adf17b625271.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220622/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f570d3cfc5df9a889452f6a2e8ea3ea6c3e6691824d54106d8928efc3abf8600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 05:26:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 265272
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12964
x-xss-protection: 0
last-modified: Tue, 21 Jun 2022 18:51:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 22 Sep 2022 05:26:27 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 93ms
93ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220622&jk=438245539072583&bg=!wsGlwYXNAAZlcKWdRXA7ACkAdvg8WoWmjvAEfNv0fI3DDcL_nQyGfHpvhTGsb5wzTFcG_c0lZcXglwIAAABdUgAAAAJoAQcKAJlPB78PVQDfQiL8rp1KBrSJUhy--hm7x875Rsv4FEFwMgXRhpgd6wGTxCS9dV6f5tP9aTezYFJ-1roiC-bBOmoMrgnOuObYEWCusqeltl4LbF5IX8hUedT7ApSKYftqZPyj_jZW9zAuhThw4Pj9FyTSWkPTTxM4nyU3LcnRiHpoDidV7scAVLcNEmqRkPa_S1q16GDEFrhGBeyZAqO7mY_VqMeiVOS_MdjZhymJVkFLO0j_QkNVaHf9K-rtyXd02F_Fa-rpybxef-dIAPgxjzvNvy5y42DKMHgroxXalxL5Da9NdlMPPxhBwR7hmo5Fg_7ffDgllYOmOhShzD6Wkob4QPDk0YQlFoFpvjNymQsyULx3c2NOO-fe2syj9VkU6qBeN0Z_Pkvg9uA2Yky6JsWKqfRTWmrQjvZwvyvwpyeTBSVmjHm0Z0Td8_8iCT3auBWGdSbZpYVvOs6ZEeUx0AihtcEhs7OoDr4NQgRcBWiHaNwShix4AoVmIT--K8jAF8cFxf7IfFd6jr6tGtu01matqZDtEs-j4iSO14q_dCvn0CKQNDFyJ6ZUK3yni-Rabk-wW8HAT9bfvuQc0-LwBQdrLZLD_30bw8yS5QLOTeRzPvBg6gk0ptJVRA7YJEgaCXwcKI5oycaXJdp-1e39PqV7xsZZVhA6Exeg18HFBkruMtAabat4_mmX18OF2EF7mwOcBtrsfXoXlG_fZCno7cSrRTYMiwbVNjggmmimBKxCyWwDBFBbvyu4cAS8EZFLqeEdgEQhcmtvDfV3s2Gk4hK1KD_6NKQx59D4smBeaD7kqx09xN0C7Zc0dgXIFFiGQQxse6YbDDFdZ9uXqoTdbZyWIHj9vaLVHO4Tqx5Try4n0as-CQG8lphv7-SDgE0AJEVc-EG0MNQs1iKEDuY1DKPzEEOmzK54pnAmvLKzg8ilsswaSrbiesnG1mORca_c_yXKs-knFajvy5GOVFMulfJNXSRNJ8zC2FGD7eg_ITR68SXP_Yn4YwQ0ULX6giDXXhedMD0AERE7bvPlE1VSOE3M68GpjQIWRjBbssNlf1ouPSqlyfLxEYZ6aim7S0xsgXOc5fvz0f2FYumJzmlLq3M
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame FB27 143 B
163 B 55ms
54ms Document
text/html 2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220622/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20220622/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 2603
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Mon, 27 Jun 2022 06:24:16 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0EE0 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 06bba7bf81059fcee2df4d14f5f662de94319c0eb80635615392f62866366456

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 136B 28 KB
28 KB 132ms
41ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 20:36:54 GMT
x-content-type-options: nosniff
age: 383445
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Jun 2023 20:36:54 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame FB27
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

127ms
127ms

Document
text/html

2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220622/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 27 Jun 2022 07:07:39 GMT
expires: Mon, 27 Jun 2022 07:07:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 27 Jun 2022 07:07:39 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js Show response
pagead2.googlesyndication.com/bg/ Frame E6D0 35 KB
13 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c22409172c05d9c78dc290c92c8a6b8487378b6f82f26604b478a566bda9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sun, 26 Jun 2022 22:28:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31148
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13719
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 26 Jun 2023 22:28:31 GMT

GET
H3 200 VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js Show response
pagead2.googlesyndication.com/bg/ Frame 8837 35 KB
13 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c22409172c05d9c78dc290c92c8a6b8487378b6f82f26604b478a566bda9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sun, 26 Jun 2022 22:28:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31148
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13719
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 26 Jun 2023 22:28:31 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 136B 0
20 B 74ms
74ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/74ef8cb7c81a147b0078185476199165.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js Show response
pagead2.googlesyndication.com/bg/ Frame 9FE1 35 KB
13 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c22409172c05d9c78dc290c92c8a6b8487378b6f82f26604b478a566bda9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sun, 26 Jun 2022 22:28:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31148
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13719
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 26 Jun 2023 22:28:31 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 136B 0
20 B 74ms
74ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=Cg4IByoKd2ViX2Jhbm5lcgoHCAgqA2x0cgoYCAEqFGJhbm5lci1sYXJnZS12YW5pbGxhCgoIAioGc2VydmVyCjEIBCotbXlzaWRpYV9hbmFseXRpY3NfZXhwMSxteXNpZGlhX3JlbGVhc2VfY2FuYXJ5Cg0QMiEAAAAAnJnZPzAECg0QMyEAAAAAZ2b2PzAECg0QNCEAAAAAZ2b2PzAECg0QNSEAAAAAZ2b2PzAECg0QNiEAAABoZiZTQDAECg0QNyEAAAAAZ2b2PzAECg0QOCEAAAA0MzNTQDAECg0QOSEAAAAAACB-QDAECg0QOiEAAADNzJx_QDAECg0QOyEAAIBmZg6MQDAECg0QPCEAAIBmZg6MQDAECg0QPSEAAIBmZh6MQDAECg0QPiEAAAAAAMiVQDAECg0QPyEAAAAAAMiVQDAECg0QQCEAAIBmZgKWQDAEEhpDTFBsOEptSnpmZ0NGUW5HN1FvZFdfb0pEdyIWdGV4dC92YW5pbGxhX2hpZ2hsaWdodCgV

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/74ef8cb7c81a147b0078185476199165.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1A35 42 B
64 B 76ms
76ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsthJh1O-UJE6ZeeHSRPikg-UQatAC1JFCHKnrIWjRqaJQ1YuKtFM0s3ONLSZiJZUwiamoegsfIh_7jeTSkVGwyeahAKUJjuph7xY3dKrj54_JGu2JKL65BET06JDxmo91Vn7K7PUA&sai=AMfl-YSznxwtoa6ql_iY4TmOq-XVTx2dxDxreLm3HJZX2Up0ljHnyQhGbKUSPA4BqLXNOnCukErc1pex2G2M&sig=Cg0ArKJSzD0OPw3x_ULqEAE&id=lidar2&mcvt=1000&p=0,0,600,300&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20220622&bin=7&avms=nio&bs=0,0&mc=0.75&if=1&vu=1&app=0&itpl=4&adk=2877078529&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1656313658086&rpt=851&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0EE0 42 B
64 B 76ms
75ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvxZE0v-0XrtHqREBFoEXtFRirJewzgI0kUkgS36FJF5SU1M1tpxa6YIa1wmPRNrkolji3Vubq9Gu74HNypBjr8W-76yvDGvgWaThbb7VGxYI8Tnq2twUno-nk70NdCmnKYRoCixA&sai=AMfl-YQk0rKV0bY4jBbrVYZqEk7xJRLEa82wLPqzDLgz4-WDl48gn02kI0ZsJsqRHJzYwHUcftVuX5LlJq4c&sig=Cg0ArKJSzA_V-AeGlrotEAE&id=lidar2&mcvt=1000&p=0,0,250,300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220622&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=455978357&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1656313658064&rpt=1176&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
122 B 69ms
69ms Script
application/javascript 2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=thehackernews.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 27 Jun 2022 07:07:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 49ms
49ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=thehackernews.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 27 Jun 2022 07:07:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 17 KB
9 KB 504ms
503ms XHR
text/plain 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=438245539072583&correlator=4075998511108548&eid=31067516&output=ldjh&gdfp_req=1&vrg=2022062101&ptt=17&impl=fifs&iu_parts=103512698%3A22548988896%2C22055424785&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C730x290%7C728x280%7C728x250%7C728x90%7C690x90%7C690x250%7C690x280%7C675x90%7C675x280%7C675x250%7C670x90%7C670x280%7C670x250%7C650x90%7C650x280%7C650x250%7C650x150%7C630x90%7C630x280%7C630x250%7C602x100%7C600x90%7C600x280%7C600x250%7C580x90%7C570x90%7C550x150%7C468x60%7C336x280%7C320x50%7C320x100%7C300x50%7C300x100%7C300x75%7C300x250%7C250x250%7C200x200&fluid=height&ifi=6&adks=42059891&sfv=1-0-38&ecs=20220627&fsapi=false&prev_scp=amznbid%3D2%26amznp%3D2%26adpushup_ran%3D1%26hb_ap_siteid%3D37020%26hb_ap_ran%3D1%26fluid%3D1%26refreshcount%3D0%26refreshrate%3D30&eri=1&cust_params=da%3Dadx%26outbrain%3Dtrue&sc=1&cookie=ID%3D42f4e77790797776-22cc163fbecd0000%3AT%3D1656313658%3ART%3D1656313658%3AS%3DALNI_Mbm8M2U2jcbG-R23lQTNqSPohUWFw&abxe=1&dt=1656313660885&lmt=1656283406&dlt=1656313656890&idt=1351&biw=1600&bih=1200&adxs=269&adys=1207&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fthehackernews.com%2F2022%2F06%2Frig-exploit-kit-now-infects-victims-pcs.html&frm=20&vis=1&scr_x=0&scr_y=0&psz=730x0&msz=730x0&fws=4&ohw=1600&ga_vid=633798284.1656313658&ga_sid=1656313658&ga_hid=2003236339&ga_fc=false&btvi=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

6d21e70d3c17b5aa46df1396411e14d097387f624eddbe804e88e12fba661a53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9417
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame FFAA 6 KB
4 KB 167ms
50ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 07:07:41 GMT
expires: Tue, 27 Jun 2023 07:07:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 87 KB
28 KB 113ms
40ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

0413c66952464f1ecd016f7bcaab521634a380fc3f9b1b907caa11cb70c2ebc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:40 GMT
content-encoding: gzip
last-modified: Tue, 03 May 2022 11:21:00 GMT
server: nginx
etag: W/"6271101c-15b58"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 28 Jun 2022 07:07:40 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 545B 15 KB
6 KB 56ms
55ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=thehackernews.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

5e5c9149be229df7c934f8cd1acf1b3cc9e04e29cbbe6cbe0e2d726e79930cff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-length: 6144
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 07:07:40 GMT
server-processing-duration-in-ticks: 2195
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 87 KB
28 KB 115ms
41ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

0413c66952464f1ecd016f7bcaab521634a380fc3f9b1b907caa11cb70c2ebc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:41 GMT
content-encoding: gzip
last-modified: Tue, 03 May 2022 11:21:00 GMT
server: nginx
etag: W/"6271101c-15b58"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 28 Jun 2022 07:07:41 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 545B
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=thehackernews.com&sn=ChromeSyncframe&so=3&topUrl=thehackernews.com&bundle=VzKv419VMmp3QnJGJTJGN09FbWs3Z0swT0E3TllSWWV6cEpEVHRONnk5VllEaTM2...
https://mug.criteo.com/sid?cpp=KJBDxnxoNzN1WVI0akFOdTd2VzNzcjRZNzZTb2x6VEM5Y2wwODE2eFVzRXFlZ21WT2pLMDFDL1lydVBuRmwwRUZiS2hVakErWE93UUpvaGVYaFNhYStMTXZONHYzZkFLdkx1U0hMK2x3UmtDOGhUUS9ubDIxbGxHN3Q4Wj...

457 B
647 B

37ms
37ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=KJBDxnxoNzN1WVI0akFOdTd2VzNzcjRZNzZTb2x6VEM5Y2wwODE2eFVzRXFlZ21WT2pLMDFDL1lydVBuRmwwRUZiS2hVakErWE93UUpvaGVYaFNhYStMTXZONHYzZkFLdkx1U0hMK2x3UmtDOGhUUS9ubDIxbGxHN3Q4WjZhYkZScXo2VitKbnd5Qm9GZ1RkZmxlSlpKZ3ptNWZFN3lMenhSMUovZTdET2NJR0ZBQW9aWDNoOVdReng1d2RHWWJpZlNVVXhxTVcyQnBTUGkzTUdveTJaRkFWWnVhbEQ0ODJVUkxjZEdEdC9qRkczejNaaHRCTXR0L0wvYWU0YnhkLy92dnNld0R1UHZKNlBiUGdsZ1R0WW1iK3RtbGx5LzBBZkY5NDlUbzhYR3pXQlU2bz18&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

37cb807869a39b375152aa790119346a89af633d4e9b84bb0e39cbd8ef07212b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:40 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4263
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:40 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=KJBDxnxoNzN1WVI0akFOdTd2VzNzcjRZNzZTb2x6VEM5Y2wwODE2eFVzRXFlZ21WT2pLMDFDL1lydVBuRmwwRUZiS2hVakErWE93UUpvaGVYaFNhYStMTXZONHYzZkFLdkx1U0hMK2x3UmtDOGhUUS9ubDIxbGxHN3Q4WjZhYkZScXo2VitKbnd5Qm9GZ1RkZmxlSlpKZ3ptNWZFN3lMenhSMUovZTdET2NJR0ZBQW9aWDNoOVdReng1d2RHWWJpZlNVVXhxTVcyQnBTUGkzTUdveTJaRkFWWnVhbEQ0ODJVUkxjZEdEdC9qRkczejNaaHRCTXR0L0wvYWU0YnhkLy92dnNld0R1UHZKNlBiUGdsZ1R0WW1iK3RtbGx5LzBBZkY5NDlUbzhYR3pXQlU2bz18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1573
content-length: 567
expires: 0

GET
H3 200 container.html Show response
f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E56D 6 KB
3 KB 125ms
42ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022062101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 07:07:41 GMT
expires: Tue, 27 Jun 2023 07:07:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2E96 624 B
297 B 73ms
73ms Document
text/html 2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-mmwIQs5ueAhj76NzEATAB&v=APEucNUcKGNWYaG4R2o9JnmClwLqek8_Bnl5cUeMB5ImnqI6gszJlCFaKPG4VbE2Lht2m6pAdEt5OO__cIb1fu5KLcomPKJaDvjur3Gl-2CV_Ulvy7_OS1tiUD-JwMW5D-zOIKYXKxjo0glHEABRrZcmFam1AY7ojEjkUReyesKyd9GGAPYzTZs

Requested by

Host: f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
URL: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 07:07:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E56D 77 KB
32 KB 103ms
102ms Script
text/javascript 2a00:1450:4014:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CypPyS_vDxdMp97JVg0CIA9WrPvPnXnc97D2cVXJ2D4rjTtGVu2fZ_YpsvUEVCG9vFf2zAm-wczjcUKceOwaJ20bhO8g&cry=1&dbm_d=AKAmf-AvG6NJy-kz2cXYr1cch0QtJgy6LRSyIdZi8xrNiL3FAIyPCou9iHTJvHpmYZepVmlX8WL2l0BzPYqMs-K4XVaJ9XsMdt9k_iE6u9ZDuJ56OWLmcx01cNaOwbp9DJDkcn0yM9IpdZcr3KjumKDRK4B9mB9F8Ca8LCOxcC1h0WBTLG6FJ3Es4JbM3CP-gQU6kfMuIxDtjA8iNa9JoUm4DPpHt_89YAe7W_8onEim1T-DcH79e95ctixPfxK1qQajb2Rv0JDNqA2HBc0-iFugr9m2vUes75i0V6vQBaxmMerAfRoe5YEa-XCzYfq5nCs3b5GQrxaRI1odjuEpI8QQ3Jax95R8ze7DuMwFlMxqCPt1KTRVawWZ99Cy0gETDBcqBICUqspkcd9OrsCVzk8WKfZTMsqWeVXeLsodFa7YwOLiMcW8r3U80dUxzNqWIcteD2JJl5NcZL0rbIWi1QkbtsH5vYTiTh7owwL_wjb2nDmXaqFiZBu0VHNGGZX2YAvXdxyBgOrsJqhxZD6j1FoOnMLpepYA2IgzfQoODk6ul6A5fieDwXnSPp9oGQzUk4pSu9kDlBWvNFaNZOdTi1zQNzyJ5ALvOantXM2fIrZ6LAZ9zHk97AMoEQlpwifbBEc7ypV6TuXbtkdgmQMOzqt-azB_vCflUyyCRKHZaDNV8Jby7ougiBa91yLg02r8c4XqQ31GZ747bFGIdI0EyyDjwtLNUMiOoE2szY8v0OvSBWN71820etKT0iz6JW80P7DcW-SgPOHfwZXyXgZR8HIa7bIE1Buin62w6uPvv7x7OOMVIe6m0CvEK3NCAJSwfQm6Du_pYR1G38y9GWBJKHF5EpRNF1cb8clP_ohopfeUTTnBomO_EdFQ-Twd1EBHOEdnUHlCxLfeyIz7WVsbZCyviVj4Az6-PjxKc79HIrwodiaT1w9G2py0_x6j0vYSaGdohRmqNICTl2vZBbBgEB7X0yQHDQRFi3agz-h3ull9O8SBzwh-16nKpuXrmsAKDKB6ZzEGwzgUFbqFNIza4-t1UuOYyyx52HN8jOo6R630xry4T6VGnhRyWlVpKfsgNVUxvlpkEKhlDqpeRllHZCvbs7sixZkY0tjfCR-YlQJBRjwNEqPw634Ua8ZS9oVDDzMEq2UllLMMNwoGpDnIZWiKXoWvPFk8Rg6IwiaYCfiUWtsw8diSInuEdVhRr_A8lCB0-q7IMux3kLEHW5ewsXIVq7aPQkADjyGjnKX124oesNroepHnFJ8bkrj4X-R6vGt4KzEHaQmXHL6KghFxT377xypOWAAjbM5reU5uo48oL306WugjPPFKEP_IcqE4MkkkIqM9FIEX0jsbPXbgxcJMwTVf_dJZ6vbCnA1VF4_faGiohqMc9VzA4mu6XxPRHLyo0PeYzIQWmNPZxRf44XXbyBsQhFHg9QtUGP5kWP2Qclv0sUMZDZc9NF2PI3q3OubZAV_CM4ce7M1UEtr3JhaZRl2YLqDn5uMvYVUcyEBpvw1dFoQmT7bQjrqAJXERJjB6IXMO1o_nepj6x-1H8uEHosO6t4ZovLKK844RB4w7XviBvUeDuhVWKpygsN6KLtpWSsUHh7ZACU0e-KBFzfKkJvw6LCClao-G4hz7aBXmvtnB6OwqGilVpKfZiA8iPAirT3Fv2sNMFoTo5ciqaRLGdq6j-s5z6z_Qm-xdHPKQ9zwum6FSUic0NknddM976-wTpn-eYDtm1shGCMZXTddAJbc428QkXJy7vOk--v5B9uSGRwm4VLXNbKEDPp9ni1bFZNfW7yOYSI6Fx9LCm4YVDTnVslwLhS0-Q_NuCr9MLVGjLbYFzh4FEFKgnwBx0z6tbf5VVWANWkMjXVIyzBTtojKtRW0qlbEqGIgw_88mXV9YK21FuioTCs4Q0UJ769NIZ6mISvUXL8PnAN9Tjzpr2YfIQv2JQu2reTFtjymv979UX6Thlvg_cBX9jf0sI-wgaT_fduWsT-DBRIPm5uJo8j8wKsFlqsdVP-T8M0YOv35eE9sJqFh5SDAWleGU_hW4XwX8tkKVWTPOBYgGYAVVvtk1ElQvuCCxK3Rugc5G_XHQVFXDFNLRLjRTD5NaIxVYUcF9HntNQmu_jbMMGJ1JCoNvUKUwQqTqNYsgnAR-OxMA-DfH3Wzot_4VmrnFz44giM64fu_qkwXONP9YzzjjhfLELG2_HWKiSIQFx6yBpJwQHnFC2suhK8pixp4CAa-Th1g9BScoTdbHFpV3_-KfaxTHcwFPsGWn9h3oT-0TbFCKEYg_HpEyaCm1jRwnZ7kEM7U-ZSmHmQJXewxXf-KrA95HzJ3ORccOsWdcY63IgeWH8GwzSCsjAvQrhmawyOtIu56o8dcCd2UfLKiq8oCGrNNku_WIrx1BN1yJTCX-P5TEB2scN2rrakKs4wh9pBaGyGG6vCj5FKPErrZD-P2ZDLhN_EEM1QchYAFuzRUxz20M6jpGjaP9bkeVCCqya0Z_8n6zNf7s9WW-F4Y2dnUnxajkxbz0uWiIBUliaIDRDxlrsTIWU_uMSdWSXODbpvKnhK6VWEu3CXoBZwA0jPYAv8K6tfX0CVB5U6ntBhaRQKRwov2HQk4XlIGLIzVg7uPAMxrp_a8Kt7ej5thjU2btNpdgTWDDfzHkehuYro45ODtuuTFef74uHks2W4Lc8n-qMkTnUnHmiRx6BJIwaQ0J7Awena2xaocYlVmJj3_8BMWEQBjVx_Zj2Nn9sg5YY6xyf4GVEEKm9xld7jBn9q_GyrOjV64zOKmLb5ni8ZN9xuA3QEBtaQhZrmSfIpfqaw1LviS8N4kUlUv8BWQAIf0kdjGFA95AfexVF3UitgcmF7Y7t7q6DOS3qR7bBU3Pvg8_H9ul_ET5rRQcKx9_XVIE9T7TEcbd80NwNDbsGTFYmNT0tCmvKcbf9cua6ipxxyua8Nz7sBxBu96evuI-2sopZnL4aj3Lzqp6N6qK2zicZph7JvelV032pAhD-HYYe42vaA36pDAlBPWPr7PIk3VzJgo6nEMqWbZ0f6Xv5SVB8EeNXoT5eiiUuPFlr5d5C6rFJpEkg4PVNykYl4zjBkka-vpXyEnOr3y7aVqRJr5U7JyNQDUACnUJPVS7Dmt-vdQ-gBO5CZAMHv-sVpmy6jwYU8ZWIiqbE92UiG4IO0WV0YCv1dlx5JE0TC0Qrp8SW__M9TnUOWe2KiC68AIA3BWqp8stC2NYVmn3VOf6SpFF9Mb_YNem0z4&cid=CAASJORo3ChXG-EhLKbtpZ4GIji2eYSiuxf79o841f0ueRTtiyabAw&rfl=1%2Chttps%253A%252F%252Fthehackernews.com%252F2022%252F06%252Frig-exploit-kit-now-infects-victims-pcs.html%240

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7bd4c59f12df732512d21f75c09aeb719710d8febb5e5c49af6c495f6c3423dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33167
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E56D 42 B
63 B 74ms
74ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ADwM2g0GxAEmWloBWJQZxT_X5WShfWibMkc1QJpW2Y0VVr3F7Y3ib2A-6Eylk2t6bT0in6L3c9nPK4-j3gOF9rnssk80z5usKl3HmqIBweXIt2rQA

Requested by

Host: f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
URL: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame E56D 3 KB
1 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/window_focus_fy2021.js

Requested by

Host: f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
URL: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:02:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 328
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 07:02:13 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E56D 137 KB
42 KB 75ms
74ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
URL: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e11546a93f99f4b0b79d7e9a993b8f0a9a239fb1e101810738f3bff890ba549

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43180
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1655912982481896"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 27 Jun 2022 07:07:41 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/ Frame E56D 17 KB
7 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220622/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
URL: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:00:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 458
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 07:00:03 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame E56D 0
0 50ms
49ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTiXPJTh1noNEFF-WnZeF-jFf1OlvAMWqx-9O-47tHSm0t73I0an4yc2CtcKsBldJTo7JOk9QZ8GfD1hxnaSNm7rMkLLg
Requested by: Host: f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
URL: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 2E96
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMoYFuetstT560OuJDkGISs&google_cver=1

43 B
909 B

130ms
98ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMoYFuetstT560OuJDkGISs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-mmwIQs5ueAhj76NzEATAB&v=APEucNUcKGNWYaG4R2o9JnmClwLqek8_Bnl5cUeMB5ImnqI6gszJlCFaKPG4VbE2Lht2m6pAdEt5OO__cIb1fu5KLcomPKJaDvjur3Gl-2CV_Ulvy7_OS1tiUD-JwMW5D-zOIKYXKxjo0glHEABRrZcmFam1AY7ojEjkUReyesKyd9GGAPYzTZs
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

cf-ray: 721c58e27a0274f5-LHR
pragma: no-cache
date: Mon, 27 Jun 2022 07:07:41 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FO43EDVm8Xfzct8njqhmGYKv9O1YI0vo5frVzj2h7QrZVCJ9WNEfQhjyWrlcmehuFPI1Ip%2FJMOGgcdi8l%2B9nd037yNDdifWhTuiCWS1JNkkbFxZ6JCZIt1v49vvu4B0HNqE37L8uB6WYGg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:41 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMoYFuetstT560OuJDkGISs&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 2E96
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YrlXPZ3CbO9m7u6e95JT8QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMoYFuetstT560OuJDkGISs&google_cver=1

43 B
912 B

72ms
69ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMoYFuetstT560OuJDkGISs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-mmwIQs5ueAhj76NzEATAB&v=APEucNUcKGNWYaG4R2o9JnmClwLqek8_Bnl5cUeMB5ImnqI6gszJlCFaKPG4VbE2Lht2m6pAdEt5OO__cIb1fu5KLcomPKJaDvjur3Gl-2CV_Ulvy7_OS1tiUD-JwMW5D-zOIKYXKxjo0glHEABRrZcmFam1AY7ojEjkUReyesKyd9GGAPYzTZs
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

cf-ray: 721c58e3cba574f5-LHR
pragma: no-cache
date: Mon, 27 Jun 2022 07:07:42 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tUvhy9bdQ8pLmWllQOIKg%2FHIKcMXQA2dvZSQ0GYEpql8fpZ%2BwGh2whNbEvUIzBavrv6MqAaWl4HnVSR%2FsHZJzWsxWCSqfxtrdf6HwFfL%2BMBAtdHVqN5JF3pCrjibBOd1hIhyAuxeKg3tig%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:42 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMoYFuetstT560OuJDkGISs&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 2E96
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHSUyU0_Nuejgv27H_e3hH4&google_cver=1

43 B
1020 B

36ms
36ms

Image
image/gif

185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHSUyU0_Nuejgv27H_e3hH4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-mmwIQs5ueAhj76NzEATAB&v=APEucNUcKGNWYaG4R2o9JnmClwLqek8_Bnl5cUeMB5ImnqI6gszJlCFaKPG4VbE2Lht2m6pAdEt5OO__cIb1fu5KLcomPKJaDvjur3Gl-2CV_Ulvy7_OS1tiUD-JwMW5D-zOIKYXKxjo0glHEABRrZcmFam1AY7ojEjkUReyesKyd9GGAPYzTZs

Protocol

HTTP/1.1

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 27 Jun 2022 07:07:41 GMT
X-Proxy-Origin: 217.138.196.107; 217.138.196.107; 717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: dbf5e87c-1820-4cd7-9aac-c0e53d4b613a
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:41 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHSUyU0_Nuejgv27H_e3hH4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 2E96
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTIxNDQxMzA0NTY1ODgwOTgxMg%3D%3D

170 B
243 B

75ms
52ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTIxNDQxMzA0NTY1ODgwOTgxMg%3D%3D

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 27 Jun 2022 07:07:41 GMT
X-Proxy-Origin: 217.138.196.107; 217.138.196.107; 717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: c59d5caf-66b2-439a-97a2-1b92f32f9308
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTIxNDQxMzA0NTY1ODgwOTgxMg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame E56D 106 KB
38 KB 164ms
41ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/
Origin: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sun, 26 Jun 2022 19:19:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42476
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Jun 2022 19:19:45 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220622/r20110914/elements/html/ Frame E56D 8 KB
3 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220622/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CypPyS_vDxdMp97JVg0CIA9WrPvPnXnc97D2cVXJ2D4rjTtGVu2fZ_YpsvUEVCG9vFf2zAm-wczjcUKceOwaJ20bhO8g&cry=1&dbm_d=AKAmf-AvG6NJy-kz2cXYr1cch0QtJgy6LRSyIdZi8xrNiL3FAIyPCou9iHTJvHpmYZepVmlX8WL2l0BzPYqMs-K4XVaJ9XsMdt9k_iE6u9ZDuJ56OWLmcx01cNaOwbp9DJDkcn0yM9IpdZcr3KjumKDRK4B9mB9F8Ca8LCOxcC1h0WBTLG6FJ3Es4JbM3CP-gQU6kfMuIxDtjA8iNa9JoUm4DPpHt_89YAe7W_8onEim1T-DcH79e95ctixPfxK1qQajb2Rv0JDNqA2HBc0-iFugr9m2vUes75i0V6vQBaxmMerAfRoe5YEa-XCzYfq5nCs3b5GQrxaRI1odjuEpI8QQ3Jax95R8ze7DuMwFlMxqCPt1KTRVawWZ99Cy0gETDBcqBICUqspkcd9OrsCVzk8WKfZTMsqWeVXeLsodFa7YwOLiMcW8r3U80dUxzNqWIcteD2JJl5NcZL0rbIWi1QkbtsH5vYTiTh7owwL_wjb2nDmXaqFiZBu0VHNGGZX2YAvXdxyBgOrsJqhxZD6j1FoOnMLpepYA2IgzfQoODk6ul6A5fieDwXnSPp9oGQzUk4pSu9kDlBWvNFaNZOdTi1zQNzyJ5ALvOantXM2fIrZ6LAZ9zHk97AMoEQlpwifbBEc7ypV6TuXbtkdgmQMOzqt-azB_vCflUyyCRKHZaDNV8Jby7ougiBa91yLg02r8c4XqQ31GZ747bFGIdI0EyyDjwtLNUMiOoE2szY8v0OvSBWN71820etKT0iz6JW80P7DcW-SgPOHfwZXyXgZR8HIa7bIE1Buin62w6uPvv7x7OOMVIe6m0CvEK3NCAJSwfQm6Du_pYR1G38y9GWBJKHF5EpRNF1cb8clP_ohopfeUTTnBomO_EdFQ-Twd1EBHOEdnUHlCxLfeyIz7WVsbZCyviVj4Az6-PjxKc79HIrwodiaT1w9G2py0_x6j0vYSaGdohRmqNICTl2vZBbBgEB7X0yQHDQRFi3agz-h3ull9O8SBzwh-16nKpuXrmsAKDKB6ZzEGwzgUFbqFNIza4-t1UuOYyyx52HN8jOo6R630xry4T6VGnhRyWlVpKfsgNVUxvlpkEKhlDqpeRllHZCvbs7sixZkY0tjfCR-YlQJBRjwNEqPw634Ua8ZS9oVDDzMEq2UllLMMNwoGpDnIZWiKXoWvPFk8Rg6IwiaYCfiUWtsw8diSInuEdVhRr_A8lCB0-q7IMux3kLEHW5ewsXIVq7aPQkADjyGjnKX124oesNroepHnFJ8bkrj4X-R6vGt4KzEHaQmXHL6KghFxT377xypOWAAjbM5reU5uo48oL306WugjPPFKEP_IcqE4MkkkIqM9FIEX0jsbPXbgxcJMwTVf_dJZ6vbCnA1VF4_faGiohqMc9VzA4mu6XxPRHLyo0PeYzIQWmNPZxRf44XXbyBsQhFHg9QtUGP5kWP2Qclv0sUMZDZc9NF2PI3q3OubZAV_CM4ce7M1UEtr3JhaZRl2YLqDn5uMvYVUcyEBpvw1dFoQmT7bQjrqAJXERJjB6IXMO1o_nepj6x-1H8uEHosO6t4ZovLKK844RB4w7XviBvUeDuhVWKpygsN6KLtpWSsUHh7ZACU0e-KBFzfKkJvw6LCClao-G4hz7aBXmvtnB6OwqGilVpKfZiA8iPAirT3Fv2sNMFoTo5ciqaRLGdq6j-s5z6z_Qm-xdHPKQ9zwum6FSUic0NknddM976-wTpn-eYDtm1shGCMZXTddAJbc428QkXJy7vOk--v5B9uSGRwm4VLXNbKEDPp9ni1bFZNfW7yOYSI6Fx9LCm4YVDTnVslwLhS0-Q_NuCr9MLVGjLbYFzh4FEFKgnwBx0z6tbf5VVWANWkMjXVIyzBTtojKtRW0qlbEqGIgw_88mXV9YK21FuioTCs4Q0UJ769NIZ6mISvUXL8PnAN9Tjzpr2YfIQv2JQu2reTFtjymv979UX6Thlvg_cBX9jf0sI-wgaT_fduWsT-DBRIPm5uJo8j8wKsFlqsdVP-T8M0YOv35eE9sJqFh5SDAWleGU_hW4XwX8tkKVWTPOBYgGYAVVvtk1ElQvuCCxK3Rugc5G_XHQVFXDFNLRLjRTD5NaIxVYUcF9HntNQmu_jbMMGJ1JCoNvUKUwQqTqNYsgnAR-OxMA-DfH3Wzot_4VmrnFz44giM64fu_qkwXONP9YzzjjhfLELG2_HWKiSIQFx6yBpJwQHnFC2suhK8pixp4CAa-Th1g9BScoTdbHFpV3_-KfaxTHcwFPsGWn9h3oT-0TbFCKEYg_HpEyaCm1jRwnZ7kEM7U-ZSmHmQJXewxXf-KrA95HzJ3ORccOsWdcY63IgeWH8GwzSCsjAvQrhmawyOtIu56o8dcCd2UfLKiq8oCGrNNku_WIrx1BN1yJTCX-P5TEB2scN2rrakKs4wh9pBaGyGG6vCj5FKPErrZD-P2ZDLhN_EEM1QchYAFuzRUxz20M6jpGjaP9bkeVCCqya0Z_8n6zNf7s9WW-F4Y2dnUnxajkxbz0uWiIBUliaIDRDxlrsTIWU_uMSdWSXODbpvKnhK6VWEu3CXoBZwA0jPYAv8K6tfX0CVB5U6ntBhaRQKRwov2HQk4XlIGLIzVg7uPAMxrp_a8Kt7ej5thjU2btNpdgTWDDfzHkehuYro45ODtuuTFef74uHks2W4Lc8n-qMkTnUnHmiRx6BJIwaQ0J7Awena2xaocYlVmJj3_8BMWEQBjVx_Zj2Nn9sg5YY6xyf4GVEEKm9xld7jBn9q_GyrOjV64zOKmLb5ni8ZN9xuA3QEBtaQhZrmSfIpfqaw1LviS8N4kUlUv8BWQAIf0kdjGFA95AfexVF3UitgcmF7Y7t7q6DOS3qR7bBU3Pvg8_H9ul_ET5rRQcKx9_XVIE9T7TEcbd80NwNDbsGTFYmNT0tCmvKcbf9cua6ipxxyua8Nz7sBxBu96evuI-2sopZnL4aj3Lzqp6N6qK2zicZph7JvelV032pAhD-HYYe42vaA36pDAlBPWPr7PIk3VzJgo6nEMqWbZ0f6Xv5SVB8EeNXoT5eiiUuPFlr5d5C6rFJpEkg4PVNykYl4zjBkka-vpXyEnOr3y7aVqRJr5U7JyNQDUACnUJPVS7Dmt-vdQ-gBO5CZAMHv-sVpmy6jwYU8ZWIiqbE92UiG4IO0WV0YCv1dlx5JE0TC0Qrp8SW__M9TnUOWe2KiC68AIA3BWqp8stC2NYVmn3VOf6SpFF9Mb_YNem0z4&cid=CAASJORo3ChXG-EhLKbtpZ4GIji2eYSiuxf79o841f0ueRTtiyabAw&rfl=1%2Chttps%253A%252F%252Fthehackernews.com%252F2022%252F06%252Frig-exploit-kit-now-infects-victims-pcs.html%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:04:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 172
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 07:04:49 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220622/r20110914/ Frame E56D 27 KB
10 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220622/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8247e71c60f01cce914615568139113018a1a129dceb0fe0af55edb0211b8fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:01:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 366
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10545
x-xss-protection: 0
server: cafe
etag: 4672069523611413616
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Jul 2022 07:01:35 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame E56D 41 KB
15 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
URL: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sat, 25 Jun 2022 12:00:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 155247
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Jun 2023 12:00:14 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame CDBF 1 KB
749 B 42ms
41ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
URL: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 4437
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 05:53:44 GMT
etag: 48472445140208031
expires: Tue, 28 Jun 2022 05:53:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame E56D 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f7601942c7cfe64b502fa3709096757905d452b92dd6089fd115715ccd8909aa

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 66E2 22 KB
8 KB 41ms
40ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 155247
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Jun 2022 12:00:14 GMT
expires: Sun, 25 Jun 2023 12:00:14 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame CDBF 0
104 B 190ms
66ms Image
text/plain 2a02:fa8:8806:20::2010
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEGDN1b__fGo6pw5Prlu5lmI&google_cver=1&google_push=ARnp8GDnLh9IL5lTXIwXTMwokI9zQPe6qgCMlAJN1FiCGHl6nZA_6Uv9VaxE2nPaaQxpGCGpllj7oTujTQSBb5hZ1glOpUMlTdberw
Requested by: Host: f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
URL: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2010 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:41 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CDBF
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEOf7GWcCJdTiy7H2VttBlAo&google_cver=1&google_push=ARnp8GBP6KVeNBwB4j5OqXrobme2ItBqm8GM1CFJDYgOoLE2t1JOoKn0S8NbKV6jqzbo_g38bjXPttmceXH0AGHHZQUr2iX1YeBZ
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=6B09D60137444AB0BD333C1652E809BA&google_push=ARnp8GBP6KVeNBwB4j5OqXrobme2ItBqm8GM1CFJDYgOoLE2t1JOoKn0S8NbKV6jqzbo_g38bjXPttmceXH0AGH...

170 B
188 B

101ms
54ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=6B09D60137444AB0BD333C1652E809BA&google_push=ARnp8GBP6KVeNBwB4j5OqXrobme2ItBqm8GM1CFJDYgOoLE2t1JOoKn0S8NbKV6jqzbo_g38bjXPttmceXH0AGHHZQUr2iX1YeBZ

Requested by

Host: f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
URL: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 27 Jun 2022 07:07:41 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=6B09D60137444AB0BD333C1652E809BA&google_push=ARnp8GBP6KVeNBwB4j5OqXrobme2ItBqm8GM1CFJDYgOoLE2t1JOoKn0S8NbKV6jqzbo_g38bjXPttmceXH0AGHHZQUr2iX1YeBZ
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Sun, 26 Jun 2022 07:07:41 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CDBF
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESELaRu_tFYmjHr99VOS9Sv1c&google_cver=1&google_push=ARnp8GDDFOAwgA2t08mi0KQ9sDUjt77VtV3KLkmK-olbOo4rvI_IKDdnI7gulvwzbOZMQoOw7KomO3CvvEl0DREp...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Aqzs6F_ERdG-1-HEbr-TgQ2&google_push=ARnp8GDDFOAwgA2t08mi0KQ9sDUjt77VtV3KLkmK-olbOo4rvI_IKDdnI7gulvwzbOZMQoOw7KomO3CvvEl0DREp63iqqWyh2BZ8Pg

170 B
188 B

138ms
52ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Aqzs6F_ERdG-1-HEbr-TgQ2&google_push=ARnp8GDDFOAwgA2t08mi0KQ9sDUjt77VtV3KLkmK-olbOo4rvI_IKDdnI7gulvwzbOZMQoOw7KomO3CvvEl0DREp63iqqWyh2BZ8Pg

Requested by

Host: f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
URL: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 27 Jun 2022 07:07:41 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Aqzs6F_ERdG-1-HEbr-TgQ2&google_push=ARnp8GDDFOAwgA2t08mi0KQ9sDUjt77VtV3KLkmK-olbOo4rvI_IKDdnI7gulvwzbOZMQoOw7KomO3CvvEl0DREp63iqqWyh2BZ8Pg
x-host: tde-deliveryengine-production-5bb647476c-j8b5q
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CDBF
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESELXcyHZ9egWqSiq0QMqJRXo&google_cver=1&google_push=ARnp8GAxbIOykpQ4wZWxOR8TGVfU9bqk-PxEwkd7R_3GgPyEVN0G_5k-68N3SuY8VNU5QZkNC92HqbmI2UKzmxNRlwGvusU...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESELXcyHZ9egWqSiq0QMqJRXo&google_cver=1&google_push=ARnp8GAxbIOykpQ4wZWxOR8TGVfU9bqk-PxEwkd7R_3GgPyEVN0G_5k-68N3SuY8VNU5QZkNC92HqbmI2UKzmxNRlwGvu...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ARnp8GAxbIOykpQ4wZWxOR8TGVfU9bqk-PxEwkd7R_3GgPyEVN0G_5k-68N3SuY8VNU5QZkNC92HqbmI2UKzmxNRlwGvusUW6y4u4w

170 B
188 B

52ms
52ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ARnp8GAxbIOykpQ4wZWxOR8TGVfU9bqk-PxEwkd7R_3GgPyEVN0G_5k-68N3SuY8VNU5QZkNC92HqbmI2UKzmxNRlwGvusUW6y4u4w

Requested by

Host: f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
URL: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ARnp8GAxbIOykpQ4wZWxOR8TGVfU9bqk-PxEwkd7R_3GgPyEVN0G_5k-68N3SuY8VNU5QZkNC92HqbmI2UKzmxNRlwGvusUW6y4u4w
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CDBF
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEAnHgzbj--g9dYFaGOsBjqU&google_cver=1&google_push=ARnp8GC2tHsH2iQnzN8_2HKr1fv9Wk6i1ovELzVHzbmmbtOuz9_6boouCHpDzxYkDmZxaIH568xWkvEKINyU7...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEAnHgzbj--g9dYFaGOsBjqU&google_push=ARnp8GC2tHsH2iQnzN8_2HKr1fv9Wk6i1ovELzVHzbmmbtOuz9_6boouCHpDzxYkDmZxaIH568xWkvEKINyU7...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=ARnp8GC2tHsH2iQnzN8_2HKr1fv9Wk6i1ovELzVHzbmmbtOuz9_6boouCHpDzxYkDmZxaIH568xWkvEKINyU7nQZpD_ypJZA1rbN&google_hm=d1lEVTh1cXFMUEVMaTRW...

170 B
188 B

51ms
50ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=ARnp8GC2tHsH2iQnzN8_2HKr1fv9Wk6i1ovELzVHzbmmbtOuz9_6boouCHpDzxYkDmZxaIH568xWkvEKINyU7nQZpD_ypJZA1rbN&google_hm=d1lEVTh1cXFMUEVMaTRWQ1JsUGc=

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 27 Jun 2022 07:07:42 GMT
P3p: CP="We do not support P3P header."
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=ARnp8GC2tHsH2iQnzN8_2HKr1fv9Wk6i1ovELzVHzbmmbtOuz9_6boouCHpDzxYkDmZxaIH568xWkvEKINyU7nQZpD_ypJZA1rbN&google_hm=d1lEVTh1cXFMUEVMaTRWQ1JsUGc=
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 236
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CDBF
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBIHRaiA6T5gij-uiDhTxFQ&google_cver=1&google_push=ARnp8GAn7EJmdD4Fuhtqa5oJc4WYVrcVCr48flnll-XFwPZLfvCxXO9Otl4NYxH7iToNU_LhiWV...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRXRURYWFktRi1GTVpI&google_push=ARnp8GAn7EJmdD4Fuhtqa5oJc4WYVrcVCr48flnll-XFwPZLfvCxXO9Otl4NYxH7iToNU_LhiWVgJIzn1dy2f-xdS7WH_9bgptXdxg

170 B
188 B

57ms
56ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRXRURYWFktRi1GTVpI&google_push=ARnp8GAn7EJmdD4Fuhtqa5oJc4WYVrcVCr48flnll-XFwPZLfvCxXO9Otl4NYxH7iToNU_LhiWVgJIzn1dy2f-xdS7WH_9bgptXdxg

Requested by

Host: f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
URL: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRXRURYWFktRi1GTVpI&google_push=ARnp8GAn7EJmdD4Fuhtqa5oJc4WYVrcVCr48flnll-XFwPZLfvCxXO9Otl4NYxH7iToNU_LhiWVgJIzn1dy2f-xdS7WH_9bgptXdxg
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Expires: 0

GET
H2 204 exptsync
ads.yieldmo.com/ Frame CDBF 0
34 B 49ms
48ms Image
text/plain 52.30.242.212
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.yieldmo.com/exptsync?google_gid=CAESEHrDj01sXCZ9eIXTo0Qu9u8&google_cver=1&google_push=ARnp8GCeTe9hkDO1ZAsZ5Ltbh81DklESuwPOwg8h8DIdJyA7jpm9ickcxmttAD0DoKrBE4TLhrJn9xzW5HtJlE84tqSl1wCi8HGcNQ
Requested by: Host: f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
URL: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.242.212 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-242-212.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:41 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame CDBF 0
59 B 50ms
50ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I0j9OEhUHUqbgEW0vVdQJ7HALqRrDjuXk1HsA2X44RCvDIEa17pyfT5gHBdfoUzADezndy

Requested by

Host: f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
URL: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:41 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js Show response
pagead2.googlesyndication.com/bg/ Frame 66E2 35 KB
13 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VMIkCRcsBdnHjcKQySyKa4SHN4tvgvJmBLR4pWa9qeA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c22409172c05d9c78dc290c92c8a6b8487378b6f82f26604b478a566bda9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sun, 26 Jun 2022 22:28:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31150
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13719
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 26 Jun 2023 22:28:31 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/2472196587167945595/ Frame 8F96 108 KB
27 KB 128ms
44ms Document
text/html 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2472196587167945595/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93eef65f3ca83652f1f21f8c616c1469bbf099fac22f214138d7ca67ac991e92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 233712
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 27730
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 24 Jun 2022 14:12:30 GMT
expires: Sat, 24 Jun 2023 14:12:30 GMT
last-modified: Thu, 10 Mar 2022 16:36:12 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame E56D 0
622 B 191ms
85ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvAQtXA3VGbT9cDJjRIK598l9qih8YPk78DPQtf4dDNDfQ1Fu-W7RjVQjlrubDjoiVcApFSMG5K7I6-Oot1F7TJUdlB5rVUkdf86dYG53SUV_3d_2Zy8YJcYaOz__ZZGX_5hOthF_LL_0Qq_vG1aNTwS_fS8b-9Q4DZc3Io4wZIAPbp51BMlj5ozXgwRwFdeVAxaAemrqB2KwnMdD9I26Gc99-Rr56QIyKG7Qf8O04UtFfg-IoIliIpwO5vRK7jkZ7HTQR_wX0-yh01n7eXnSlJL0kEfNzLJydqppa_1dZuLAe8bFQtnVTnofzwcJBAeC4Peoaen3HrspKXVKkSWWHhUXl07QU_PpnC8tYsSHgHNhhAU3PuCod4_VXKxKAx6xk2lawXbKS9PVrPY0u-9EOwq_N70KsNeuNm4qvctrde6iH83FHKC3dHtXf7GUgQLKbSzJ8jsikDFm9_uM5y1cgMmofS21ycoIlPMsRkaCGeFJrSgwxNPU-hgDGp-srD0MQXnv2hYPqyZv9VeYX33YScKP64Y5U7FB_CTwjkmN9eN88a2GCBToP5v_p0ath6o7NnKue6jRrHHK-ro-O8bgM0ws9_HBl9QjJNVVRjG3McQ88BdrFG0qDbWrbJoWTTjHS6HHXLw_nU8_Z2rPFrWgHscIt0c3dxTPurU8HKLv7x0Q-9K05hldwHgN7vFuTHx3ZMYWam6Jda5ZuO8UiscKHnRExGBDtdJQTpotV7Uw_7Z4sK_HvhoLgSYG2cEmGdn9Bt7J-HFqas6awpB9wwpKtUfYjhVMuj9hrdx28gc-hemH5_sRICobwcd3WlXR77ONsA8bIORXUcCQq84NmZwn7UCYH2LqcfhiHUeRwOW9nVsbU7xEcZa8eAM6deRLD5lHrtAFmwC7Lht5e89eDUaD0aPFvgdGaDvcfglhKMA3Aa3Et5FzcoMzx1TwW6RGy5jSPJ10MbeQ9Y2KE7pbjOjuoMrsluTaAeXJYPJsA5_RWbPUOx1UZM5DiaJQ2moZxL6ZHKxMKf-mb5rdz0Q3PKDmsN_0F731YrPLRd1V1mHX971UM0RCakv6eeY0z8QqRGRMlrLV6BT5Pi3lgH8rg0_lwPOjNujVcjgaGIBtYfQrBHhuSye9lVG3jtPi5g1b0ywVUhklppQOBNFzlqhTjtvd8jHR0XCc0YlCzCSMnoa7FGzTj8rwcs-K6ktn0NWAqYVaTVfc13j6PiHK4sp2U-WXQCUMn0otnqWpCkLI5xpcx7UXa7YvhhxpHXbyjlXV7iRpOj&sai=AMfl-YSglNZfN_bdVej_kWBS95fxwGmcB43U1bQk9w5IlDAMCWK2Q8dj_zDG-WXCroHzV39WOBzrgvhQ16D00JjMOfsechXkCGUQQp5Y0vhVPpzDoLGYN6-A5_jnDBln0uJN1u00wNRvJCLetDpXxXHUvFlQX1Jw2Itk0HSdwknT7hCckE7sNLVwo5sVAQ2eJEKLoBVCaiMiB2kI6kMDaysXnQ&sig=Cg0ArKJSzIu-VBjz5np3EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=233&cbvp=1&cstd=230&cisv=r20220622.94305&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Mon, 27 Jun 2022 07:07:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 66E2 0
20 B 79ms
78ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BVnm5PVe5YpmYJKTZ7_UPqOiwkAIAAAAAOAHgBAI&bg=!4-Cl4KTNAAZlcKWdRXA7ACkAdvg8WqYCg33PrIj-ZtAWTa7mJZkdJYzirGiB-DLPZ1HhPqk0hYGvNAIAAAByUgAAAAJoAQeZAuUGcnPu5owB1mZeSRBzpPwqmJDbeX3G_7PAkE5KeGtklAnXZdiH5gHNv2JbIV2dqBjPz75Uk5BJN6-dtTqFJj39xpGCv_W0QZEVBgGwGQ8V6OXm6iVmhYKc2PStBqvT4nq2JDTLQRr1BhKi-Xb3-ynJfNuMVdJiKY87inKv16zbHwsCYNxOuOCSjPFu4Itt8PKVF0n0QLPngjDcHG_-1zDnoh9HADLpVpqBLmyXOxHFU25wNCBsK4BjooteFf3YPRgUnh-6NTDlP2wLcoJfJV8O5nRuExXbMv16ov1FxjURLEE4kCvrNBLRIpTnI5f63lXX3ZOmPXTjw1c52tRd6K4Yn9iQbSkr003hFMS7YiRZyNlEO1NcjdE2eJfe3AwaYMAwPLkvS7S4mn-qEvAybW_4XIqKxJmmgduspTmdAniN4RbyZTw5T26TxS62NZuf0tO29Pp84-DGs2Qsr6-Qf6ea2GXY45gENtcnDhb2Dc3PZxf10aASBNGB-4F3QzUPq9U-E-KjMak8KPBNtxjZCaCC-icgGpH1yxgrm1W0O8g0zYQ4AHdsIuit8jAEbWI3_A414A4z5grixus84GzbmJqO1JB8JXwbH9UPZ3WuoK_L5u-w3rKEwD6pWCXFctTlcauNW7s0593UuBhreZ5Oer7zM9b3NNwBfezObXlTWMYkBjWk-agU68pD5ExSF87tmIx1JZK9zYxDubZPV4qSjgodW3-P1fTrZris0rWzg3supyLGjOxSsjpWdrnOg8-3Oga4_eFV0jzTkkrBQ-TSjrnVFzPHvpiRT8vf5bs2OSIAPmqx8l6C9dAdHCEnxkFNaZII3P2nQvOB528yLauUJPE96dbcM-cP1Tfd57FCDyaCZiw-Po3Zs3wSxEu0ueWmzMkAiMwY25BbSqE4F8ohWA_LodCQnXpYl6CbrdsBvhzpgJJ-Eza7a7HmlLC3nTC04PMx-1hnKBH75TUbXecQuqGPyY0Jd2g

Requested by

Host: f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
URL: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pic1.jpg
s0.2mdn.net/sadbundle/2472196587167945595/ Frame 8F96 30 KB
31 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2472196587167945595/pic1.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2472196587167945595/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3ae51ffdbcab9ba72045b701d3d6b4c9832c7d9ff46f45affdea9e8f2bc4293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2472196587167945595/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 14:12:31 GMT
x-content-type-options: nosniff
age: 233711
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31230
x-xss-protection: 0
last-modified: Thu, 10 Mar 2022 16:36:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 24 Jun 2023 14:12:31 GMT

GET
H3 200 dialog_shadow.png
s0.2mdn.net/sadbundle/2472196587167945595/ Frame 8F96 2 KB
2 KB 55ms
55ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2472196587167945595/dialog_shadow.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2472196587167945595/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03418c354cee4b4204d83630572a048be353e3f26c293c869191a0d9a0494e1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2472196587167945595/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 14:12:31 GMT
x-content-type-options: nosniff
age: 233711
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2489
x-xss-protection: 0
last-modified: Thu, 10 Mar 2022 16:36:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 24 Jun 2023 14:12:31 GMT

GET
H3 200 cursor_shadow.png
s0.2mdn.net/sadbundle/2472196587167945595/ Frame 8F96 3 KB
3 KB 52ms
51ms Image
image/png 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2472196587167945595/cursor_shadow.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2472196587167945595/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

479ab423a43aecf5d5e8a5b1de4235c848f17e321c38663f21f18cc8cfe23fa4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2472196587167945595/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 14:12:31 GMT
x-content-type-options: nosniff
age: 233711
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2678
x-xss-protection: 0
last-modified: Thu, 10 Mar 2022 16:36:12 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 24 Jun 2023 14:12:31 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 8F96 63 KB
25 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2472196587167945595/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2472196587167945595/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Jun 2022 07:07:42 GMT

GET
H3 200 customease_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 8F96 7 KB
4 KB 73ms
72ms Script
text/javascript 2a00:1450:4001:829::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/customease_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2472196587167945595/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03f848430009dfc2116b88af857bb44ef073aca257eb71ff8575e8f0f1fc0f3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2472196587167945595/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3697
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Jun 2022 07:07:42 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame E56D 0
26 B 160ms
77ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvAQtXA3VGbT9cDJjRIK598l9qih8YPk78DPQtf4dDNDfQ1Fu-W7RjVQjlrubDjoiVcApFSMG5K7I6-Oot1F7TJUdlB5rVUkdf86dYG53SUV_3d_2Zy8YJcYaOz__ZZGX_5hOthF_LL_0Qq_vG1aNTwS_fS8b-9Q4DZc3Io4wZIAPbp51BMlj5ozXgwRwFdeVAxaAemrqB2KwnMdD9I26Gc99-Rr56QIyKG7Qf8O04UtFfg-IoIliIpwO5vRK7jkZ7HTQR_wX0-yh01n7eXnSlJL0kEfNzLJydqppa_1dZuLAe8bFQtnVTnofzwcJBAeC4Peoaen3HrspKXVKkSWWHhUXl07QU_PpnC8tYsSHgHNhhAU3PuCod4_VXKxKAx6xk2lawXbKS9PVrPY0u-9EOwq_N70KsNeuNm4qvctrde6iH83FHKC3dHtXf7GUgQLKbSzJ8jsikDFm9_uM5y1cgMmofS21ycoIlPMsRkaCGeFJrSgwxNPU-hgDGp-srD0MQXnv2hYPqyZv9VeYX33YScKP64Y5U7FB_CTwjkmN9eN88a2GCBToP5v_p0ath6o7NnKue6jRrHHK-ro-O8bgM0ws9_HBl9QjJNVVRjG3McQ88BdrFG0qDbWrbJoWTTjHS6HHXLw_nU8_Z2rPFrWgHscIt0c3dxTPurU8HKLv7x0Q-9K05hldwHgN7vFuTHx3ZMYWam6Jda5ZuO8UiscKHnRExGBDtdJQTpotV7Uw_7Z4sK_HvhoLgSYG2cEmGdn9Bt7J-HFqas6awpB9wwpKtUfYjhVMuj9hrdx28gc-hemH5_sRICobwcd3WlXR77ONsA8bIORXUcCQq84NmZwn7UCYH2LqcfhiHUeRwOW9nVsbU7xEcZa8eAM6deRLD5lHrtAFmwC7Lht5e89eDUaD0aPFvgdGaDvcfglhKMA3Aa3Et5FzcoMzx1TwW6RGy5jSPJ10MbeQ9Y2KE7pbjOjuoMrsluTaAeXJYPJsA5_RWbPUOx1UZM5DiaJQ2moZxL6ZHKxMKf-mb5rdz0Q3PKDmsN_0F731YrPLRd1V1mHX971UM0RCakv6eeY0z8QqRGRMlrLV6BT5Pi3lgH8rg0_lwPOjNujVcjgaGIBtYfQrBHhuSye9lVG3jtPi5g1b0ywVUhklppQOBNFzlqhTjtvd8jHR0XCc0YlCzCSMnoa7FGzTj8rwcs-K6ktn0NWAqYVaTVfc13j6PiHK4sp2U-WXQCUMn0otnqWpCkLI5xpcx7UXa7YvhhxpHXbyjlXV7iRpOj&sai=AMfl-YSglNZfN_bdVej_kWBS95fxwGmcB43U1bQk9w5IlDAMCWK2Q8dj_zDG-WXCroHzV39WOBzrgvhQ16D00JjMOfsechXkCGUQQp5Y0vhVPpzDoLGYN6-A5_jnDBln0uJN1u00wNRvJCLetDpXxXHUvFlQX1Jw2Itk0HSdwknT7hCckE7sNLVwo5sVAQ2eJEKLoBVCaiMiB2kI6kMDaysXnQ&sig=Cg0ArKJSzIu-VBjz5np3EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=502&vt=11&dtpt=269&dett=3&cstd=230&cisv=r20220622.94305&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 27 Jun 2022 07:07:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 rid Show response
match.adsrvr.org/track/ 63 B
391 B 126ms
40ms XHR
application/json 15.197.193.217

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b932ba7e0467de4916318810f04d13f5c2420d985cbd9fcf2fa8e2f88ba4c02c

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 27 Jun 2022 07:07:43 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://thehackernews.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 63
expires: Wed, 27 Jul 2022 07:07:44 GMT

GET
H2 200 index.html Show response
cdn.districtm.io/ids/ Frame A8B1 116 B
433 B 141ms
42ms Document
text/html 52.222.214.44

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.44 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f752ad8cf812a358129aac3fd9784b0baf6f19899eb49116f08a1afab1fa133e

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 30279
content-length: 116
content-type: text/html
date: Sun, 26 Jun 2022 22:43:05 GMT
etag: "517f2062d883c0ee35479a2da0c50b8c"
last-modified: Thu, 20 May 2021 02:18:27 GMT
server: AmazonS3
via: 1.1 122731c1a09cfba14dfeeff504946134.cloudfront.net (CloudFront)
x-amz-cf-id: G6HMZRNU-xQh3hE1JIvnKFXTsVSqKVMdSTHFSU3WeNYYl0nVnfPs5w==
x-amz-cf-pop: FRA56-P3
x-cache: Hit from cloudfront

GET
H2 200 sync.html Show response
public.servenobid.com/ Frame E671 9 KB
4 KB 192ms
34ms Document
text/html 2620:1ec:40::45

General

Check archive.org

Show headers Download Go to

Full URL: https://public.servenobid.com/sync.html
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:40::45 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a8e85d380b3f0593cf9f1b5a8329131112d4cc7a4baf56ad9cbfa31cd3bc41ed

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=86400
content-encoding: br
content-type: text/html
date: Mon, 27 Jun 2022 07:07:43 GMT
etag: "eb37e18cf286a8e286b2758ea6e68eac"
last-modified: Tue, 21 Jun 2022 17:36:13 GMT
server: AmazonS3
x-amz-id-2: D+N59GeH5v0+vYrPU+rOGyheFMrJqUTpYNMS9iw39J69HJVIgfttjoE5130wwpVdsEAZJS2zSTU=
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:9da626cf-3969-4de8-a4a6-42bb23e2ee11
x-amz-meta-codebuild-content-md5: e20dcaffda3a7d96358e04b68651b7f3
x-amz-meta-codebuild-content-sha256: 4bebfa32641a486910cec61529af45ec14020c5f64c3930b38984efd840ad8e8
x-amz-request-id: P2V0039NMDKFCAMT
x-azure-ref: 0QFe5YgAAAAASIj978z7XQabdWl7F7iBITE9OMjEyMDUwNzE3MDMxADg0ZTdkZmEyLTE0NDItNDMzNC1iMzRmLWU0MmQzZjdkZGFkOQ==
x-azure-ref-originshield: 0KlC5YgAAAABEyuPq6qADQon1MJXeWqj3TE9OMjFFREdFMTUxMQA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-cache: TCP_HIT

GET
H2 200 connectmyusers.php Show response
cdn.connectad.io/ Frame 22F8 1 KB
809 B 90ms
77ms Document
text/html 2606:4700:10::6816:36ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.connectad.io/connectmyusers.php?
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:36ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 08f0465386d9897c95370a004f5251b304dc4f94a73541cccd1ee87c02de2f60

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=86400 public, no-transform
cf-cache-status: DYNAMIC
cf-ray: 721c58ef6b31cc56-ZRH
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 27 Jun 2022 07:07:43 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Tue, 28 Jun 2022 07:07:43 GMT
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 07E6 281 B
554 B 139ms
42ms Document
text/html 104.92.74.8

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 27 Jun 2022 07:07:43 GMT
ETag: "402b2-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 0F20 52 KB
17 KB 113ms
29ms Document
text/html 151.101.129.108

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 7172
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Mon, 27 Jun 2022 07:07:43 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 22 Jun 2022 05:08:01 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 195830, 28298
X-Served-By: cache-lga21982-LGA, cache-lcy19242-LCY
X-Timer: S1656313664.969558,VS0,VE0

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 2E9A 0
91 B 55ms
32ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/7f1e280 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Mon, 27 Jun 2022 07:07:43 GMT
server: OXGW/7f1e280
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 9B45 15 KB
6 KB 209ms
63ms Document
text/html 184.87.212.214

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158261
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.87.212.214 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=145575
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 27 Jun 2022 07:07:44 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Tue, 28 Jun 2022 23:33:59 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2 204 /
onetag-sys.com/usync/ Frame 087F 0
0 43ms
42ms Document
text/plain 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1656313658091

Requested by

Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame A6AA 23 KB
8 KB 196ms
71ms Document
text/html 2.18.235.93

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUPEPKI9&prvid=2034%2C2033%2C2031%2C172%2C2030%2C173%2C251%2C175%2C132%2C178%2C2029%2C233%2C255%2C2028%2C2027%2C3017%2C214%2C236%2C3016%2C237%2C337%2C338%2C70%2C51%2C97%2C55%2C99%2C77%2C3012%2C2043%2C2040%2C141%2C186%2C222%2C244%2C201%2C3007%2C246%2C345%2C4%2C203%2C10000%2C80%2C108%2C229%2C9%2C307&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1

Requested by

Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/prebid/pb.37020.1652339691291.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 -, , ASN (),

Reverse DNS

Software

Apache /

Resource Hash

86ab3cda639665398d2acb39c92a92aa6ca2ca5486ecec73698a51c6b870af7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 8295
content-type: text/html; charset=UTF-8
date: Mon, 27 Jun 2022 07:07:44 GMT
expires: Wed, 29 Jun 2022 07:07:44 GMT
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 204 /
onetag-sys.com/usync/ 0
38 B 44ms
42ms Image
text/plain 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/usync/?tag=img

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-store

GET
H2 204 1
sync-eu.connectad.io/syncer/ Frame C67C 0
0 90ms
80ms Document
text/plain 2606:4700:10::6816:36ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-eu.connectad.io/syncer/1
Requested by: Host: cdn.connectad.io
URL: https://cdn.connectad.io/connectmyusers.php?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:36ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://cdn.connectad.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, private
cf-cache-status: DYNAMIC
cf-ray: 721c58f00be2cc56-ZRH
date: Mon, 27 Jun 2022 07:07:44 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
via: 1.1 google

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 0F20 0
747 B 35ms
35ms Script
text/html 185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 27 Jun 2022 07:07:44 GMT
X-Proxy-Origin: 217.138.196.107; 217.138.196.107; 717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 3611b782-1b6d-4f7e-86e8-80a33f55b06f
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 idsync.d5cb6b96.js Show response
cdn.districtm.io/ids/ Frame A8B1 3 KB
4 KB 46ms
46ms Script
application/javascript 52.222.214.44

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/idsync.d5cb6b96.js
Requested by: Host: cdn.districtm.io
URL: https://cdn.districtm.io/ids/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.44 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 196b425485c119046eada45bc1a473e6c35f7f8c5a94824873535de823af517f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://cdn.districtm.io/ids/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 06:40:32 GMT
via: 1.1 122731c1a09cfba14dfeeff504946134.cloudfront.net (CloudFront)
last-modified: Thu, 20 May 2021 02:18:27 GMT
server: AmazonS3
age: 1633
etag: "74ede07ef946dc2316f86b2661cf2dd3"
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: FRA56-P3
accept-ranges: bytes
content-length: 3302
x-amz-cf-id: Q_wq4rPwfuhwfmu3SGDx0l-nFApGGhpGssl1h6J7NTb3dSUEO65QvQ==

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 07E6 31 KB
10 KB 44ms
43ms Script
text/html 104.92.74.8

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 8c35724525e653b7bf88daa452275689c2f6d7567a3016ec171b14118e64e59e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Mon, 27 Jun 2022 07:07:44 GMT
Content-Encoding: gzip
Last-Modified: Thu, 09 Jun 2022 17:17:26 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=12846
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9456
Expires: Mon, 27 Jun 2022 10:41:50 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 9487 15 KB
6 KB 69ms
60ms Document
text/html 184.87.212.214

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fx.yieldlift.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1YN-%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.87.212.214 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=145575
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 27 Jun 2022 07:07:44 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Tue, 28 Jun 2022 23:33:59 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2 200 13926 Show response
g2.gumgum.com/usync/ Frame 9074 4 KB
2 KB 148ms
40ms Document
text/html 52.213.153.112

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.153.112 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: c2776be367357d726b7299a810157121ac8f7a5ea23dea4103c9bedc3f2c8307

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Mon, 27 Jun 2022 07:07:44 GMT
etag: W/"033404c7c6fd2ebf5c386d537da624a4b"
server: nginx
timing-allow-origin: *

GET
H2 204 /
onetag-sys.com/usync/ Frame 9140 0
0 47ms
41ms Document
text/plain 51.75.86.98
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.75.86.98 , France, ASN16276 (OVH, FR),

Reverse DNS

ip98.ip-51-75-86.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK sync Show response
ssbsync.smartadserver.com/api/ Frame 4BE8 862 B
1 KB 191ms
36ms Document
text/html 185.86.139.93

General

Check archive.org

Show headers Download Go to

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.93 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f8a77dbfd7d146589c126730442c742596c91085cce6763f61d03fb13a9ebd1f

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

content-length: 862
content-type: text/html
date: Mon, 27 Jun 2022 07:07:43 GMT

GET
H2 200 usermatch Show response
ssum-sec.casalemedia.com/ Frame 0DCD 1 KB
2 KB 183ms
90ms Document
text/html 104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2455899f7791e649879679e82f26977c45b655b744b8e8b3d2a5c37d9b7a2a7c

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 721c58f13c0971e4-LHR
content-encoding: br
content-type: text/html
date: Mon, 27 Jun 2022 07:07:44 GMT
dropped-udsids: 39|230|241|46|57|73|4|41
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zH4ghRpYIio2itMhARORbZ4SMO4DU3x5Ob1CibbZwBOhlAEzWQNOdS%2FkzyWvmgNc2B77ZkB7kZJCUgQ1zGEgZX%2Ft%2BpV%2FeDwvPd0fy4YWVIqMUxeqm6lHXzZBZ%2Bz73b8%2B%2FUHmFfdshYBAKg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Is-Traffic-Usersync, Accept-Encoding

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame E671 0
239 B 50ms
46ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=13702&gdpr=0&gdpr_consent=&us_privacy=1YN-&
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Content-Type: image/gif

GET
H2

200

sync
ads.servenobid.com/ Frame E671
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
https://ads.servenobid.com/sync?pid=312&uid=5214413045658809812

0
344 B

41ms
40ms

Image
image/avif

63.35.4.196
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=312&uid=5214413045658809812
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 63.35.4.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-35-4-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:44 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Mon, 27 Jun 2022 07:07:44 GMT
X-Proxy-Origin: 217.138.196.107; 217.138.196.107; 717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 65b339ff-da15-48f1-a448-097c31501bad
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ads.servenobid.com/sync?pid=312&uid=5214413045658809812
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame E671
Redirect Chain

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1
https://ads.servenobid.com/sync?pid=310&uid=E4SruRZHlqrNRb4jRMWW22-A

0
350 B

40ms
34ms

Image
image/avif

63.35.4.196
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=310&uid=E4SruRZHlqrNRb4jRMWW22-A
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 63.35.4.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-35-4-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:44 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Mon, 27 Jun 2022 07:07:44 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ads.servenobid.com/sync?pid=310&uid=E4SruRZHlqrNRb4jRMWW22-A
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap6ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame E671 0
277 B 48ms
44ms Image
text/plain 216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 27 Jun 2022 07:07:44 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET getuid
x.yieldlift.com/ Frame E671 0
0

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame E671
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1656313664180
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8968447748

70 B
264 B

46ms
39ms

Image
image/gif

15.197.193.217

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8968447748
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 15.197.193.217 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:44 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:44 GMT
server: Tengine
etag: RXd119f09362e045a585978247179d91d7003
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8968447748
cache-control: no-store, no-cache, must-revalidate
content-type: text/html
expires: 0

GET
H2

200

sync
ads.servenobid.com/ Frame E671
Redirect Chain

https://p.rfihub.com/cm?pub=44007&in=1
https://ads.servenobid.com/sync?pid=324&uid=5140084921088249835

0
344 B

64ms
48ms

Image
image/avif

63.35.4.196
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=324&uid=5140084921088249835
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 63.35.4.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-35-4-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:44 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Location: https://ads.servenobid.com/sync?pid=324&uid=5140084921088249835
Date: Mon, 27 Jun 2022 07:07:44 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET usa
sync.go.sonobi.com/ Frame E671 0
0

GET
H2

200

sync
ads.servenobid.com/ Frame E671
Redirect Chain

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
https://ads.servenobid.com/sync?pid=327&uid=fec90650-262b-4687-bac7-5c281cd00a75&gdpr=0&gdpr_consent=&us_privacy=1YN-

0
356 B

41ms
40ms

Image
image/avif

63.35.4.196
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=327&uid=fec90650-262b-4687-bac7-5c281cd00a75&gdpr=0&gdpr_consent=&us_privacy=1YN-
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 63.35.4.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-35-4-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:44 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=327&uid=fec90650-262b-4687-bac7-5c281cd00a75&gdpr=0&gdpr_consent=&us_privacy=1YN-
date: Mon, 27 Jun 2022 07:07:43 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 1
server: envoy
content-length: 0

GET
H2

200

sync
ads.servenobid.com/ Frame E671
Redirect Chain

https://ups.analytics.yahoo.com/ups/58559/occ
https://ups.analytics.yahoo.com/ups/58559/occ?verify=true
https://ads.servenobid.com/sync?pid=337&uid=y-Fn9b0_RE2uG8EyLIXdic_4z7nSlfoTYoI.OvGAE-~A

0
367 B

52ms
52ms

Image
image/avif

63.35.4.196
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=337&uid=y-Fn9b0_RE2uG8EyLIXdic_4z7nSlfoTYoI.OvGAE-~A
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 63.35.4.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-35-4-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:44 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=337&uid=y-Fn9b0_RE2uG8EyLIXdic_4z7nSlfoTYoI.OvGAE-~A
date: Mon, 27 Jun 2022 07:07:44 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET csync
sync2.resetdigital.co/ Frame E671 0
0

GET redirectuser
ssp.disqus.com/ Frame E671 0
0

GET
H2

200

sync
ads.servenobid.com/ Frame E671
Redirect Chain

https://ups.analytics.yahoo.com/ups/58632/occ
https://ups.analytics.yahoo.com/ups/58632/occ?verify=true
https://ads.servenobid.com/sync?pid=339&uid=y-Fn9b0_RE2uG8EyLIXdic_4z7nSlfoTYoI.OvGAE-~A

0
367 B

53ms
51ms

Image
image/avif

63.35.4.196
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=339&uid=y-Fn9b0_RE2uG8EyLIXdic_4z7nSlfoTYoI.OvGAE-~A
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 63.35.4.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-35-4-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:44 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=339&uid=y-Fn9b0_RE2uG8EyLIXdic_4z7nSlfoTYoI.OvGAE-~A
date: Mon, 27 Jun 2022 07:07:44 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET buyers
dmx.districtm.io/s/v1/ Frame A8B1 0
0

GET PugMaster
image6.pubmatic.com/AdServer/ Frame 9B45 0
0

GET

x3V0s_Fd9Weq2XVc4WJing
pr-bh.ybp.yahoo.com/sync/rubicon/ Frame 07E6
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/x3V0s_Fd9Weq2XVc4WJing?csrc=

0
0

GET

pixel
cm.g.doubleclick.net/ Frame 07E6
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NDk5ZmY1ZWMwMDFhNzJkMTczZWIzMzkwNjUzMmE4ODJlY2M4YWFhMg

0
0

GET dcm
aax-eu.amazon-adsystem.com/s/ Frame 07E6 0
0

GET

setuid
px.ads.linkedin.com/ Frame 07E6
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L4WEDXXY-F-FMZH

0
0

GET

pixel
cm.g.doubleclick.net/ Frame 07E6
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRXRURYWFktRi1GTVpI

0
0

GET dcm
s.amazon-adsystem.com/ Frame 07E6 0
0

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 07E6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESECbkn_ayhDTKbM5eed44xTg&google_cver=1

0
239 B

59ms
59ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESECbkn_ayhDTKbM5eed44xTg&google_cver=1
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:44 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESECbkn_ayhDTKbM5eed44xTg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 07E6 70 B
264 B 52ms
52ms Image
image/gif 15.197.193.217

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:44 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET

usersync
usersync.gumgum.com/ Frame 9074
Redirect Chain

https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
https://usersync.gumgum.com/usersync?b=apn&i=5214413045658809812

0
0

GET sync
x.bidswitch.net/ Frame 9074 0
0

GET redirectObuid
sync.outbrain.com/ Frame 9074 0
0

GET

usersync
usersync.gumgum.com/ Frame 9074
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://usersync.gumgum.com/usersync?b=opx&i=5d5a246c-6bf2-40ec-a3ba-d8c41ab14d45

0
0

GET sync
sync.srv.stackadapt.com/ Frame 9074 0
0

GET

usersync
usersync.gumgum.com/ Frame 9074
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=oth&i=y-uKcvim9E2pca50Fcvu6I2hJgt.STT_ZIIvgQ~A

0
0

GET generic
sync.ipredictive.com/d/sync/cookie/ Frame 9074 0
0

GET services
sync.technoratimedia.com/ Frame 9074 0
0

GET 142
match.deepintent.com/usersync/ Frame 9074 0
0

GET

23178
stags.bluekai.com/site/ Frame 9074
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_296ec973-b23c-41b1-9c26-bcc8515f0145&gdpr=0&gdpr_consent=&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__
https://stags.bluekai.com/site/23178?id=wYDU8uqqLPELi4VCRlPg&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LO...

0
0

GET server_match
ad.360yield.com/ Frame 9074 0
0

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 9074
Redirect Chain

https://sync.1rx.io/usersync2/floor6?gdpr=0&gdpr_consent=&dspret=1&redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3D%5BRX_UUID%5D
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1834780044

70 B
264 B

46ms
46ms

Image
image/gif

15.197.193.217

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1834780044
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 15.197.193.217 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:44 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:44 GMT
server: Tengine
etag: RXd119f09362e045a585978247179d91d7003
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1834780044
cache-control: no-store, no-cache, must-revalidate
content-type: text/html
expires: 0

GET rtset
bh.contextweb.com/bh/ Frame 9074 0
0

GET sync
ssbsync.smartadserver.com/api/ Frame 9074 0
0

GET
H2 200 sync
ads.servenobid.com/ Frame 9074 0
357 B 42ms
40ms Image
image/avif 63.35.4.196
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=309&uid=e_296ec973-b23c-41b1-9c26-bcc8515f0145
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.35.4.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-35-4-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:44 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET img
sync.mathtag.com/sync/ Frame 75AE 0
0

GET URnmbSKM
sync-tm.everesttech.net/upi/pid/ Frame 9E4B 0
0

GET
H3 200 pixel Show response
cm.g.doubleclick.net/ Frame BA66 170 B
188 B 55ms
54ms Document
image/png 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8yOTZlYzk3My1iMjNjLTQxYjEtOWMyNi1iY2M4NTE1ZjAxNDU=&gdpr=0&gdpr_consent=

Requested by

Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 170
content-type: image/png
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 07:07:44 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: HTTP server (unknown)
x-xss-protection: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 05A7 15 KB
6 KB 75ms
74ms Document
text/html 184.87.212.214

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.87.212.214 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=145575
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 27 Jun 2022 07:07:44 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Tue, 28 Jun 2022 23:33:59 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2 200 generic Show response
match.adsrvr.org/track/cmf/ Frame 729B 70 B
264 B 40ms
39ms Document
image/gif 15.197.193.217

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-length: 70
content-type: image/gif
date: Mon, 27 Jun 2022 07:07:44 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET um
cs.emxdgt.com/ Frame 05B6 0
0

GET idsync
tg.socdm.com/aux/ Frame 85B7 0
0

GET cm-notify
creativecdn.com/ Frame DBFC 0
0

GET

usync.html
eus.rubiconproject.com/ Frame 3230
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
https://eus.rubiconproject.com/usync.html?p=gumgum

0
0

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 0DCD 70 B
264 B 45ms
44ms Image
image/gif 15.197.193.217

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:44 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 0DCD 170 B
188 B 61ms
60ms Image
image/png 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YrlXPZ3CbO9m7u6e95JT8QAAApUAAAIB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 07:07:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET dcm
s.amazon-adsystem.com/ Frame 0DCD 0
0

GET getuid
secure.adnxs.com/ Frame 0DCD 0
0

GET

crum
dsum-sec.casalemedia.com/ Frame 0DCD
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5140084921088249835

0
0

GET
H2 200 YrlXPZ3CbO9m7u6e95JT8QAAApUAAAIB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 0DCD 0
0 94ms
49ms Image
image/gif 2a05:d018:d29:3602:68f1:8fce:a96f:e71c

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/YrlXPZ3CbO9m7u6e95JT8QAAApUAAAIB?gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3602:68f1:8fce:a96f:e71c -, , ASN (),

Reverse DNS

Software

ATS /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:44 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET cs
ad.turn.com/r/ Frame 0DCD 0
0

GET bridge
cm.adgrx.com/ Frame 0DCD 0
0

GET
H2 200 sync
ads.servenobid.com/ Frame 0DCD 0
357 B 70ms
46ms Image
image/avif 63.35.4.196
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=333&uid=YrlXPZ3CbO9m7u6e95JT8QAAApUAAAIB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.35.4.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-35-4-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:44 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H2 200 sync
ads.servenobid.com/ Frame 4BE8 0
344 B 65ms
50ms Image
image/avif 63.35.4.196
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=317&uid=2854797133430991810&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.35.4.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-35-4-196.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:07:44 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET rtset
bh.contextweb.com/bh/ Frame 4BE8 0
0

GET match
c1.adform.net/serving/cookie/ Frame 4BE8 0
0

GET /
rtb-csync.smartadserver.com/redir/ Frame 4BE8 0
0

GET

generic
match.adsrvr.org/track/cmf/ Frame 4BE8
Redirect Chain

https://sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4753988253

0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: dmx.districtm.io
URL: https://dmx.districtm.io/b/v1

Domain: hbopenbid.pubmatic.com
URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client

Domain: x.yieldlift.com
URL: https://x.yieldlift.com/getuid?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D314%26uid%3D%24UID

Domain: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D

Domain: sync2.resetdigital.co
URL: https://sync2.resetdigital.co/csync?pid=durationmedia&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D345%26uid%3DBUYER_USER_ID

Domain: ssp.disqus.com
URL: https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D346%26uid%3DBUYERUID

Domain: dmx.districtm.io
URL: https://dmx.districtm.io/s/v1/buyers

Domain: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=20219018&p=158261&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=

Domain: pr-bh.ybp.yahoo.com
URL: https://pr-bh.ybp.yahoo.com/sync/rubicon/x3V0s_Fd9Weq2XVc4WJing?csrc=

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NDk5ZmY1ZWMwMDFhNzJkMTczZWIzMzkwNjUzMmE4ODJlY2M4YWFhMg

Domain: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=

Domain: px.ads.linkedin.com
URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L4WEDXXY-F-FMZH

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRXRURYWFktRi1GTVpI

Domain: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=

Domain: usersync.gumgum.com
URL: https://usersync.gumgum.com/usersync?b=apn&i=5214413045658809812

Domain: x.bidswitch.net
URL: https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_296ec973-b23c-41b1-9c26-bcc8515f0145&gdpr=0&gdpr_consent=&us_privacy=1---

Domain: sync.outbrain.com
URL: https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D

Domain: usersync.gumgum.com
URL: https://usersync.gumgum.com/usersync?b=opx&i=5d5a246c-6bf2-40ec-a3ba-d8c41ab14d45

Domain: sync.srv.stackadapt.com
URL: https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=

Domain: usersync.gumgum.com
URL: https://usersync.gumgum.com/usersync?b=oth&i=y-uKcvim9E2pca50Fcvu6I2hJgt.STT_ZIIvgQ~A

Domain: sync.ipredictive.com
URL: https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D

Domain: sync.technoratimedia.com
URL: https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D

Domain: match.deepintent.com
URL: https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D

Domain: stags.bluekai.com
URL: https://stags.bluekai.com/site/23178?id=wYDU8uqqLPELi4VCRlPg&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS65LTMVZHG6LOMMXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT252ZIRKTQ5LROFGFARKMNE2FMQ2SNRIGOJTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1---

Domain: ad.360yield.com
URL: https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D

Domain: bh.contextweb.com
URL: https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25

Domain: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=

Domain: sync.mathtag.com
URL: https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=

Domain: cs.emxdgt.com
URL: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent=

Domain: tg.socdm.com
URL: https://tg.socdm.com/aux/idsync?proto=gumgum

Domain: creativecdn.com
URL: https://creativecdn.com/cm-notify?pi=gumgum

Domain: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum

Domain: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YrlXPZ3CbO9m7u6e95JT8QAAApUAAAIB

Domain: secure.adnxs.com
URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1

Domain: dsum-sec.casalemedia.com
URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5140084921088249835

Domain: ad.turn.com
URL: https://ad.turn.com/r/cs?pid=21&gdpr=1

Domain: cm.adgrx.com
URL: https://cm.adgrx.com/bridge?AG_PID=casale&AG_SETCOOKIE&gdpr=1

Domain: bh.contextweb.com
URL: https://bh.contextweb.com/bh/rtset?pid=560288&ev=1&rurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D92%26partneruserid%3D%25%25VGUID%25%25&gdpr=0&gdpr_consent=

Domain: c1.adform.net
URL: https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent=

Domain: rtb-csync.smartadserver.com
URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=134&partneruserid=OB_OK&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmart_adserver_eb%26google_hm%3DSMART_USER_ID_B64&gdpr=0&gdpr_consent=

Domain: match.adsrvr.org
URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4753988253

Verdicts & Comments Add Verdict or Comment

90 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

29 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
thehackernews.com/2022/06	1969-12-31 23:59:59	Name: _ga4s Value: 1
thehackernews.com/2022/06	1969-12-31 23:59:59	Name: _ga4sid Value: 1621521042
.thehackernews.com/	1970-01-22 13:11:59	Name: _ga4 Value: c97a4dc5-9101-48a5-a236-e95d31942845
thehackernews.com/	1970-01-20 04:05:15	Name: __AP_SESSION__ Value: 3492f4d2-0143-442c-a164-ab24056788e2
thehackernews.com/	1970-01-20 04:48:25	Name: _pbjs_userid_consent_data Value: 3524755945110770
.thehackernews.com/	1970-01-20 04:48:25	Name: _pubcid Value: d5f9ed2b-5448-4775-822f-d3d8926d4e63
.lijit.com/	1970-01-20 12:50:49	Name: ljtrtb Value: eJyrrgUAAXUA%2BQ%3D%3D
.prebid.a-mo.net/	1970-01-20 12:50:49	Name: __amc Value: 1_1656313657_1656313657
.rubiconproject.com/	1970-01-20 12:50:49	Name: khaos Value: L4WEDXXY-F-FMZH
.rubiconproject.com/	1970-01-20 12:50:49	Name: audit Value: 1\|naVuGyos1qrtFHcFE+ayZlqbBgMWySGKoH1GQZR6kugdY+/zvkQ2dCKRe9lIwwg+9x5A7tZTyZts7SrQMA2MP+BxGCOXoSK1B7LZVvBDjjLc6UO785F0Pw==
.quantserve.com/	1970-01-20 13:35:28	Name: mc Value: 62b9573a-3315b-8cf10-64612
.thehackernews.com/	1970-01-20 13:29:42	Name: __qca Value: P0-1367536571-1656313658173
thehackernews.com/	1970-01-20 13:26:49	Name: cto_bidid Value: qnyyyV9HSEtYaW9oWmxuMkNBRkdXQVQ0T0pKdVVOcEJGTWJFa2xMUzhmWWtVbjElMkZWdGhlSjRWZ0xGR094bW0zejN5WXQ0QVRIWGRhekttblhid1hQN1hla1pRJTNEJTNE
thehackernews.com/	1970-01-20 13:26:49	Name: cto_bundle Value: VzKv419VMmp3QnJGJTJGN09FbWs3Z0swT0E3TllSWWV6cEpEVHRONnk5VllEaTM2aXdYRFRtY2xuVDdyUktQZ05DRHFvem5QSGl2JTJCZjUzWXhYV1hUMGs1RHNwZDlWOGRXVTdobUgya0lPJTJCVFlJJTJCMUtiYWRtcHJ4SmJRMDNSM0RsV0pOWDBG
.doubleclick.net/	1970-01-20 13:26:49	Name: IDE Value: AHWqTUnpt0ew1BfMU9-SW5vBVKVSpV3GxrNsMtjWg8o4HhdKWb7AZXXUojc3klXhZFo
.doubleclick.net/	1970-01-20 04:05:17	Name: DSID Value: NO_DATA
.criteo.com/	1970-01-20 13:26:49	Name: uid Value: 74f74ff6-ea8a-4b16-a931-3d83403a3b73
.thehackernews.com/	1970-01-20 13:26:49	Name: cto_bundle Value: 7H8ot19VMmp3QnJGJTJGN09FbWs3Z0swT0E3TllaTTNtb1d2OUJ4JTJGbjRjQkVEN1NKdllxUHhFVG82TGZnMDk5dUVub3BocDElMkZreWJweXRtbWpmN1VtRTlIa25rcE1ITzlId1M1a0RMNnhGbUk0RG9YZ05tZEZzdVc2TzlhRENMYUJXMVlzJTJCZ3N0NWswb1R2Y0FwZVQwazV1NzclMkZBU2pRc0E4VlVHcGtMOENneGR0JTJGYUElM0Q
.thehackernews.com/	1970-01-20 13:26:49	Name: __gads Value: ID=42f4e77790797776:T=1656313658:S=ALNI_MZ85Q2fzN924DVok_dGpwOpBHOHJQ
.adnxs.com/	1970-01-20 06:14:49	Name: uuid2 Value: 5214413045658809812
.casalemedia.com/	1970-01-20 12:50:49	Name: CMID Value: YrlXPZ3CbO9m7u6e95JT8QAA
.casalemedia.com/	1970-01-20 06:14:49	Name: CMPS Value: 661
.casalemedia.com/	1970-01-20 06:14:49	Name: CMPRO Value: 661
.adnxs.com/	1970-01-20 06:14:49	Name: anj Value: dTM7k!M41.D>6NRF']wIg2In=hHkBZ!]tbPl1M>e)ZlrFUfJ+tGXxo3I.nlb9.lUAG3$^OSm!z3[h@hOQ<:yo>X*On3If)y3KL9D3I?+ka2.%)
.travelaudience.com/	1970-01-20 13:34:01	Name: _tracker Value: %7B%22UUID%22%3A%2202ACECE8-5FC4-45D1-BED7-E1C46EBF9381%22%7D
.simpli.fi/	1970-01-20 12:52:16	Name: suid Value: 6B09D60137444AB0BD333C1652E809BA
.de17a.com/	1970-01-20 12:43:37	Name: guid2 Value: 1.6774509198613527069
.casalemedia.com/	1970-01-20 06:14:49	Name: CMTS Value: 4556
.zemanta.com/	1970-01-20 12:50:49	Name: zuid Value: wYDU8uqqLPELi4VCRlPg

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://dmx.districtm.io/b/v1 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://dmx.districtm.io/s/v1/buyers Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.teads.tv
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.360yield.com
ad.turn.com
adpushup-d.openx.net
ads.pubmatic.com
ads.servenobid.com
ads.travelaudience.com
ads.yieldmo.com
adservice.google.co.uk
adservice.google.com
ap.lijit.com
b1sync.zemanta.com
bh.contextweb.com
bidder.criteo.com
btlr.sharethrough.com
c.amazon-adsystem.com
c1.adform.net
cdn.adpushup.com
cdn.connectad.io
cdn.districtm.io
cdn.jsdelivr.net
cdnjs.cloudflare.com
ce.lijit.com
cm.adgrx.com
cm.g.doubleclick.net
code.jquery.com
contextual.media.net
creativecdn.com
cs.emxdgt.com
d5p.de17a.com
dclk-match.dotomi.com
dmx.districtm.io
dsum-sec.casalemedia.com
e3.adpushup.com
eus.rubiconproject.com
f3c90b701ec0681497b669178bfdb2c7.safeframe.googlesyndication.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
g2.gumgum.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
i.connectad.io
ib.adnxs.com
image6.pubmatic.com
match.adsrvr.org
match.deepintent.com
mug.criteo.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.quantserve.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
prebid-server.rubiconproject.com
prebid.a-mo.net
prebid.media.net
public.servenobid.com
px.ads.linkedin.com
rtb-csync.smartadserver.com
rules.quantcount.com
s.amazon-adsystem.com
s0.2mdn.net
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
ssp.disqus.com
ssum-sec.casalemedia.com
stags.bluekai.com
static.criteo.net
sync-eu.connectad.io
sync-tm.everesttech.net
sync.1rx.io
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.srv.stackadapt.com
sync.technoratimedia.com
sync2.resetdigital.co
tg.socdm.com
thehackernews.com
tpc.googlesyndication.com
u.openx.net
um.simpli.fi
ups.analytics.yahoo.com
usersync.gumgum.com
web.hb.ad.cpe.dotomi.com
www.google.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
x.yieldlift.com
aax-eu.amazon-adsystem.com
ad.360yield.com
ad.turn.com
bh.contextweb.com
c1.adform.net
cm.adgrx.com
cm.g.doubleclick.net
creativecdn.com
cs.emxdgt.com
dmx.districtm.io
dsum-sec.casalemedia.com
eus.rubiconproject.com
hbopenbid.pubmatic.com
image6.pubmatic.com
match.adsrvr.org
match.deepintent.com
pr-bh.ybp.yahoo.com
px.ads.linkedin.com
rtb-csync.smartadserver.com
s.amazon-adsystem.com
secure.adnxs.com
ssbsync.smartadserver.com
ssp.disqus.com
stags.bluekai.com
sync-tm.everesttech.net
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.srv.stackadapt.com
sync.technoratimedia.com
sync2.resetdigital.co
tg.socdm.com
usersync.gumgum.com
x.bidswitch.net
x.yieldlift.com
104.18.19.126
104.92.74.8
142.250.181.226
142.250.185.194
143.204.93.3
147.75.85.234
15.197.193.217
151.101.129.108
169.50.137.182
172.217.16.130
178.250.0.165
178.250.2.146
18.156.0.31
18.192.170.39
184.87.212.214
185.33.220.240
185.86.139.93
193.0.160.128
2.18.232.7
2.18.235.93
2001:4de0:ac18::1:a:3b
213.155.156.167
213.19.147.44
216.52.2.30
216.52.2.48
23.97.225.52
2600:9000:2156:2200:6:44e3:f8c0:93a1
2602:803:c003:200::21
2606:4700:10::6816:36ce
2606:4700:20::681a:161
2606:4700:4400::ac40:99f7
2606:4700::6810:5614
2606:4700::6811:190e
2620:116:800d:21:7eb1:3826:be7e:d981
2620:1ec:40::45
2a00:1450:4001:803::2001
2a00:1450:4001:806::2001
2a00:1450:4001:806::2002
2a00:1450:4001:806::200a
2a00:1450:4001:811::2002
2a00:1450:4001:813::2002
2a00:1450:4001:829::2006
2a00:1450:4001:82a::2003
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2004
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2003
2a00:1450:4014:80a::2002
2a02:2638:1::3
2a02:2638::1c
2a02:fa8:8806:13::1460
2a02:fa8:8806:20::2010
2a05:d018:d29:3602:68f1:8fce:a96f:e71c
34.107.148.139
34.98.64.218
35.156.141.29
35.190.0.66
51.75.86.98
52.213.153.112
52.222.214.44
52.30.242.212
63.35.4.196
69.173.144.165
70.42.32.191
00f028d9f3a2d7eb15eaa043cc86a4ec039dd0b7d842a8e292e37cd4c7b4c869
019d22d3e70ec460a085db138f131a9d77cb25175dd7eecb155305c270ed221c
03418c354cee4b4204d83630572a048be353e3f26c293c869191a0d9a0494e1c
03f848430009dfc2116b88af857bb44ef073aca257eb71ff8575e8f0f1fc0f3a
0413c66952464f1ecd016f7bcaab521634a380fc3f9b1b907caa11cb70c2ebc5
05aa2b31f514dde2221f41a1030345005a344cba719a2e16b79c0a0962390bc0
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06bba7bf81059fcee2df4d14f5f662de94319c0eb80635615392f62866366456
077e436b2bd9a3f6b9e1206276ff987021a9a13d6c44ef709e2883c2265ac05c
0899916faab8eec429860e604f0112abda9945f3d95ce71404544f915b2b3d46
08f0465386d9897c95370a004f5251b304dc4f94a73541cccd1ee87c02de2f60
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0f46567d3913857de0723b7efb8737672353d3ac6c0470a44d2017a9806b7bf2
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
196b425485c119046eada45bc1a473e6c35f7f8c5a94824873535de823af517f
22bd211c8f9d12b20bd22f646e2e5cc968aec23b674f33df44756ad73ac817e9
2455899f7791e649879679e82f26977c45b655b744b8e8b3d2a5c37d9b7a2a7c
26914004d3a8d5ddde2202b642d7936eb61c9f195b5cd3c87e44ef8ad4d57c16
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2f4f0396a03ed8551502e15da4ce36719b36e9d600bc03f32b1093e70934f57b
37cb807869a39b375152aa790119346a89af633d4e9b84bb0e39cbd8ef07212b
3809139f77b223c5f82d54f520b332de924f0acd84dd686e5ab28015fad74d6b
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3d8ab8467b889847c12c542bee765afc54acbaff1cc91ce3197ab4f2be8f08ff
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40c521c64b2d083d7fcb658a185feabfc8e0dd2092b2e650f301933bdc58d456
41f36457d5ec5bd7d115c29bea53e0d1ff77de7418837ef39e897f3b7d497e8a
430616bb058bbd9355767fef759da525bbfc256460337fe73377e6584b039057
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
451590728e7ef03fcf9e42836867a517221c5c824e1a5c8f4a2dbc88bcfd0275
45923d591de1250ed4cd9d46f3640bea0f056f8efc38cbbd06ecd35d0b5c51f3
45ec82ebc637502ce6e9e20240df5a3dc83e5b02e16714179b15bc07302a0e85
479ab423a43aecf5d5e8a5b1de4235c848f17e321c38663f21f18cc8cfe23fa4
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
54c22409172c05d9c78dc290c92c8a6b8487378b6f82f26604b478a566bda9e0
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5e11546a93f99f4b0b79d7e9a993b8f0a9a239fb1e101810738f3bff890ba549
5e5c9149be229df7c934f8cd1acf1b3cc9e04e29cbbe6cbe0e2d726e79930cff
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
678cfbbbcdc4f8118965675c9c380aeb23c3d201f95034a4e61eb10afc036103
6795c5c8b9b0aeb87d6663ccd7a71fb9d2f2817fe9b5c2e67bce0d5a5e1309a1
688a1e2444a1171a4cfbc8674c62d53bc663bf35a7825eb3563851e79694411c
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c
6d21e70d3c17b5aa46df1396411e14d097387f624eddbe804e88e12fba661a53
6d8e6138c7cf0944d755a4757f5c2b3803ede310e05af81ff90d4fe98bb6c4d5
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
710d093c698933a1fc0346c407f2d71d4e2b6fb58cc594cd121c65bf707a7202
73f85b949987db91e6d2e4b11a8b5ee5ab0737277bcf2887724e9ce76d38f6fe
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
75a2067c9dff8e58ae83cdb8ee4fe896013966ac4e8f3f1d5e8a75f27c9a1ae2
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
7bd4c59f12df732512d21f75c09aeb719710d8febb5e5c49af6c495f6c3423dc
84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30
86ab3cda639665398d2acb39c92a92aa6ca2ca5486ecec73698a51c6b870af7d
87441230bee08b4c3c704d897321976bd45c42500330d653a9867f952f3cb666
8961878cce1987facfa14ded58441a22f9dd59704dc61d815f9019755f773bda
89c027aa9e4fcb8869b7033a8ccd916200f90b12b84fa1ad5ce1d6d864ddd3e6
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8c35724525e653b7bf88daa452275689c2f6d7567a3016ec171b14118e64e59e
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
9199f15f4d45217b5ba9c06b1a9a2c68e3d3c15961c598d82000d2aeb920aaf2
92cc22507e69f2baa9a37f4dd7767bad45f4531a1667fd8cfb0665dd7bfd52d1
93eef65f3ca83652f1f21f8c616c1469bbf099fac22f214138d7ca67ac991e92
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
9834f2bde632b419715af174d5de50cc8e35409b56d47a5e22d3c113de0828ff
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b4a73cef58d578f829aea292dfe05501c53f2598551853f0655222890274caf
9b87ba9f38a8905c569f57b2e7f262a904383984fb76af355216f2cd31e856a7
9d64f4662969ecae048bd993de6d91ef6296d12a7c059a08589c6bddb4a21875
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6
a2cba1141d784827ad237feecdcb29cd406098a38f720d8b204197cfef9a0f6c
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a71328300f380217ae0abf7f805052a10a0c196cb241eb97adf9b905e4a48c8a
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a8e85d380b3f0593cf9f1b5a8329131112d4cc7a4baf56ad9cbfa31cd3bc41ed
aa30e995c85f54393f61a3979b94bdda3c9a0882fe626502c98a9c4bf69ac2a0
aa3777d578531c63cb5b48a28d1f0135a9769ca2ee44ae916aadb341089140e1
aa6545f4f990af3405e218436164a0cdc74e77ec18e2b1f074e1e602e2597f32
ac18a7fd18fdefc3438e0034961c575d1bbfe6f1772742fdb7d66fe76b4ec04a
ae2e1dc0161fa05e80b225682868a9bfbab08c503b2429f06339d4487f160ac2
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3ae51ffdbcab9ba72045b701d3d6b4c9832c7d9ff46f45affdea9e8f2bc4293
b75b3b21ae775a45091f0e3bf542ad86aa9b243dc2d6548d85090c79a1ccf68b
b796b9cb729c2d6e7f3716f37d32763c6d6bce51be65d9082f49a0845f2adc6a
b932ba7e0467de4916318810f04d13f5c2420d985cbd9fcf2fa8e2f88ba4c02c
b97d2c98f8bac4ee72d075d577db22903f83ae9a2742b9caef94f0842b459348
b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c0d67bdb6efb8956499314dd271d21f8de70cd142e358b9dc16c1ea5617b2c24
c2776be367357d726b7299a810157121ac8f7a5ea23dea4103c9bedc3f2c8307
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c6a9d65e5bd6eb2447ea57e398e1d30f3c6e2d022ecf195933d161ffed964690
c8118c5f09297cbd32853cbc9fae0c56602988574957dfe3fc032c4441631060
c8247e71c60f01cce914615568139113018a1a129dceb0fe0af55edb0211b8fd
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cd458c32f7959669c5d0c9af8b60d1b4bb8b5151b516a3001e75006e2359ae21
d31dcce28ef00f22559cf2f2d3f2d4d442dafb2fdbcec52c4f09a0df9b611408
d39bdb9bdf2755506f5952405e4e641647ed4ca98df43fb72bc7fe8c18112732
db74e32218f93d9da40f157c5f75a05bc8f495ff4c388fbeb2d4b361a61fe883
dd170cf2c227290a307f2f3ddf6565df1c7df35f19279e55bc0cf3d1c9e596dc
e14a8d7acd57fba2eee8db28de82e10957fa2d6e7b7296f3aa478a0895a200d4
e2225748345f1572a7b8f7963a81a2a9e05ffb730231a38d3862db4dd59d7f09
e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3fbe67fed994d974916f80939f43e83889b033b3a565f349f26255620037a4d
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f29d89be4c30c2bbd4241659e128a38aa1630da30b002c0a1f107c7bf27d1e2c
f570d3cfc5df9a889452f6a2e8ea3ea6c3e6691824d54106d8928efc3abf8600
f752ad8cf812a358129aac3fd9784b0baf6f19899eb49116f08a1afab1fa133e
f7601942c7cfe64b502fa3709096757905d452b92dd6089fd115715ccd8909aa
f88754ecdaeedbf69845f3cb4015909beff31f92b173185c075ff8ab40ae3d02
f8a77dbfd7d146589c126730442c742596c91085cce6763f61d03fb13a9ebd1f
f951e337d8855ecb4b1edbff4fd7593442f5e0e4b64052c22bf9f6b5f98274b3
fb513f6173396cc8dcef3ae1f88b0b8b11a1cd5b5e1142639c83e91c7ae26e08
fd49219477a365773f010355db7e75d2430693594965a28d835d7c579536948f
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

thehackernews.com Open in urlscan Pro 2606:4700:20::681a:161 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

267 Requests

76 %HTTPS

44 %IPv6

67 Domains

99 Subdomains

57 IPs

8 Countries

2240 kBTransfer

5546 kBSize

29 Cookies

35 Outgoing links

Redirected requests

267 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

thehackernews.com Open in urlscan Pro
2606:4700:20::681a:161 Public Scan

Screenshot
Live screenshot

Full Image

267
Requests

76 %
HTTPS

44 %
IPv6

67
Domains

99
Subdomains

57
IPs

8
Countries

2240 kB
Transfer

5546 kB
Size

29
Cookies

267 HTTP transactions
11 data transactions