securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Submission: On February 17 via api (February 17th 2021, 1:39:56 pm UTC) from US

Summary HTTP 363 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 71 IPs in 10 countries across 72 domains to perform 363 HTTP transactions. The main IP is 2001:8d8:100f:f000::289, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is securityaffairs.co.
TLS certificate: Issued by GeoTrust RSA CA 2018 on March 8th 2020. Valid for: a year.

This is the only time securityaffairs.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
51	2001:8d8:100f... 2001:8d8:100f:f000::289	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
1	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:3b	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2600:9000:21a... 2600:9000:21a1:aa00:3:c04e:c780:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:212... 2600:9000:2127:6000:1c:8a07:5e80:93a1	16509 (AMAZON-02) (AMAZON-02)
1 25	184.30.24.22 184.30.24.22	16625 (AKAMAI-AS) (AKAMAI-AS)
11	68.183.31.14 68.183.31.14	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
11	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
3	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:212... 2600:9000:2127:ac00:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
1	23.62.140.165 23.62.140.165	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:9000:212... 2600:9000:2127:7200:c:a9b7:ddc0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	23.32.238.163 23.32.238.163	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2.16.186.67 2.16.186.67	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	18.195.238.30 18.195.238.30	16509 (AMAZON-02) (AMAZON-02)
11	100.24.200.179 100.24.200.179	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:1f18:42d... 2600:1f18:42df:3a00:e8b1:a0ff:a34c:ada	14618 (AMAZON-AES) (AMAZON-AES)
10	2606:4700:20:... 2606:4700:20::681a:a9c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 6	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	178.162.133.150 178.162.133.150	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 11	185.33.221.87 185.33.221.87	29990 (ASN-APPNEX) (ASN-APPNEX)
1 19	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
3	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
6	157.245.94.128 157.245.94.128	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	52.28.203.152 52.28.203.152	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2 2	104.19.133.78 104.19.133.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14 63	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
4	52.52.52.5 52.52.52.5	16509 (AMAZON-02) (AMAZON-02)
3 6	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	34.120.207.148 34.120.207.148	15169 (GOOGLE) (GOOGLE)
9 13	52.51.224.103 52.51.224.103	16509 (AMAZON-02) (AMAZON-02)
6	23.218.208.200 23.218.208.200	16625 (AKAMAI-AS) (AKAMAI-AS)
3	23.218.208.187 23.218.208.187	16625 (AKAMAI-AS) (AKAMAI-AS)
11 12	213.19.147.151 213.19.147.151	3356 (LEVEL3) (LEVEL3)
19	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
14 14	35.157.168.25 35.157.168.25	16509 (AMAZON-02) (AMAZON-02)
7 7	185.29.133.199 185.29.133.199	30419 (MEDIAMATH...) (MEDIAMATH-INC)
4 4	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
8 9	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
1	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
2 2	18.193.136.159 18.193.136.159	16509 (AMAZON-02) (AMAZON-02)
3 3	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
5 6	37.157.6.253 37.157.6.253	198622 (ADFORM) (ADFORM)
4	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
2 4	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
3	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
11	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
2 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (TURN) (TURN)
3 4	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
3 3	35.158.49.68 35.158.49.68	16509 (AMAZON-02) (AMAZON-02)
2 2	35.210.215.44 35.210.215.44	19527 (GOOGLE-2) (GOOGLE-2)
11 11	52.214.70.9 52.214.70.9	16509 (AMAZON-02) (AMAZON-02)
1 9	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	185.86.139.89 185.86.139.89	201081 (SMARTADSE...) (SMARTADSERVER)
1	178.250.2.151 178.250.2.151	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	213.155.156.181 213.155.156.181	1299 (TELIANET ...) (TELIANET Telia Carrier)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 15	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 3	87.98.128.108 87.98.128.108	16276 (OVH) (OVH)
1	173.231.181.122 173.231.181.122	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 2	104.18.12.5 104.18.12.5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	199.232.137.44 199.232.137.44	54113 (FASTLY) (FASTLY)
1 2	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
2	2606:4700:10:... 2606:4700:10::ac43:db6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	77.243.60.138 77.243.60.138	42697 (NETIC-AS) (NETIC-AS)
2 2	35.201.96.126 35.201.96.126	15169 (GOOGLE) (GOOGLE)
1	185.64.190.106 185.64.190.106	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	159.253.128.188 159.253.128.188	36351 (SOFTLAYER) (SOFTLAYER)
1 1	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
2	185.64.189.114 185.64.189.114	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	18.159.69.204 18.159.69.204	16509 (AMAZON-02) (AMAZON-02)
5 5	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
4 4	66.155.71.25 66.155.71.25	13768 (COGECO-PEER1) (COGECO-PEER1)
2 2	159.65.197.210 159.65.197.210	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2a02:fa8:8806... 2a02:fa8:8806:16::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1	52.28.129.241 52.28.129.241	16509 (AMAZON-02) (AMAZON-02)
1 1	63.33.123.138 63.33.123.138	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	2a02:fa8:8806... 2a02:fa8:8806:13::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1	18.184.181.235 18.184.181.235	16509 (AMAZON-02) (AMAZON-02)
3 3	146.59.148.16 146.59.148.16	16276 (OVH) (OVH)
2 2	52.210.253.186 52.210.253.186	16509 (AMAZON-02) (AMAZON-02)
2 2	193.232.148.141 193.232.148.141	48061 (UMA-TECH-AS) (UMA-TECH-AS)
1 1	31.172.81.160 31.172.81.160	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
1 1	31.172.81.172 31.172.81.172	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
2 2	18.197.47.23 18.197.47.23	16509 (AMAZON-02) (AMAZON-02)
2 2	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
1 1	18.193.131.107 18.193.131.107	16509 (AMAZON-02) (AMAZON-02)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1	185.64.190.81 185.64.190.81	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	52.200.246.203 52.200.246.203	14618 (AMAZON-AES) (AMAZON-AES)
363	71

51 2001:8d8:100f:f000::289 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)

securityaffairs.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:3b (Netherlands)

ASN20446 (HIGHWINDS3, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21a1:aa00:3:c04e:c780:93a1 (United States)

ASN16509 (AMAZON-02, US)

ws.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2127:6000:1c:8a07:5e80:93a1 (United States)

ASN16509 (AMAZON-02, US)

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 184.30.24.22 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-24-22.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lg3.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 68.183.31.14 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

served-by.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 192.0.77.2 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: i2.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2127:ac00:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.62.140.165 (Schiphol, Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-62-140-165.deploy.static.akamaitechnologies.com

adservetx.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2127:7200:c:a9b7:ddc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.sharethis.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.32.238.163 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-32-238-163.deploy.static.akamaitechnologies.com

pxlclnmdecom-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.67 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-67.deploy.static.akamaitechnologies.com

qsearch-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.195.238.30 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-238-30.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 100.24.200.179 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-100-24-200-179.compute-1.amazonaws.com

dt.clnmde.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:42df:3a00:e8b1:a0ff:a34c:ada (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt6.clnmde.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700:20::681a:a9c (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:2638::1c (France) 3 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.162.133.150 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-apex.go.sonobi.com

apex.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 185.33.221.87 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 35.244.159.8 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

pixfuture2-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 157.245.94.128 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

prebidserver.pixfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.28.203.152 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.133.78 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

cm.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

63 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany) 14 redirects

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.52.52.5 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-52-52-5.us-west-1.compute.amazonaws.com

navvy.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.226 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.207.148 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 148.207.120.34.bc.googleusercontent.com

api.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 52.51.224.103 (Dublin, Ireland) 9 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-224-103.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.218.208.200 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-208-200.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.218.208.187 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-208-187.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 213.19.147.151 (United Kingdom) 11 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 178.162.133.149 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 35.157.168.25 (Frankfurt am Main, Germany) 14 redirects

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.29.133.199 (United Kingdom) 7 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 193.0.160.128 (United States) 4 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 198.148.27.139 (New York, United States) 8 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.193.136.159 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:f916:5049:f87f:108e (United States) 3 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.157.6.253 (Denmark) 5 redirects

ASN198622 (ADFORM, DK)
PTR: s1.adform.net

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (United Kingdom) 2 redirects

ASN56396 (TURN, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.186.253.211 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1288:110:c305::8000 (United Kingdom) 1 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.158.49.68 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.210.215.44 (Brussels, Belgium) 2 redirects

ASN19527 (GOOGLE-2, US)

ads.programattik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 52.214.70.9 (Dublin, Ireland) 11 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-214-70-9.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.64.189.110 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.139.89 (France) 2 redirects

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.151 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.181 (Sweden) 2 redirects

ASN1299 (TELIANET Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 185.64.190.80 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 87.98.128.108 (France) 3 redirects

ASN16276 (OVH, FR)
PTR: ip108.ip-87-98-128.eu

green.erne.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.231.181.122 (United States)

ASN29791 (VOXEL-DOT-NET, US)

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.12.5 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.137.44 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.248.159 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac43:db6 (United States)

ASN13335 (CLOUDFLARENET, US)

mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
spl.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.243.60.138 (Aalborg, Denmark) 1 redirects

ASN42697 (NETIC-AS, DK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.96.126 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

visitor.fiftyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.106 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

aud.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.253.128.188 (Amsterdam, Netherlands) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: bc.80.fd9f.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.126.56.137 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.114 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.159.69.204 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

sonata-notifications.taptapnetworks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.114.49 (Frankfurt am Main, Germany) 5 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 66.155.71.25 (Portsmouth, United Kingdom) 4 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.65.197.210 (Amsterdam, Netherlands) 2 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:16::1370 (United States)

ASN41041 (VCLK-EU-SE, US)

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.28.129.241 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

ads.playground.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.33.123.138 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1400 (United States)

ASN41041 (VCLK-EU-SE, US)

openx2-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.184.181.235 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

match.justpremium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 146.59.148.16 (France) 3 redirects

ASN16276 (OVH, FR)
PTR: ns3181477.ip-146-59-148.eu

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.210.253.186 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-253-186.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.232.148.141 (Russian Federation) 2 redirects

ASN48061 (UMA-TECH-AS, RU)

px.adhigh.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.172.81.160 (Germany) 1 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

sync3.sniperlog.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.172.81.172 (Germany) 1 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

sync.bumlam.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.197.47.23 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.0.31 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.193.131.107 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.81 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.200.246.203 (New York, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
51	securityaffairs.co securityaffairs.co	1 MB
41	doubleclick.net 17 redirects googleads.g.doubleclick.net cm.g.doubleclick.net	51 KB
40	pubmatic.com 2 redirects hbopenbid.pubmatic.com ads.pubmatic.com image6.pubmatic.com image2.pubmatic.com simage2.pubmatic.com aud.pubmatic.com image4.pubmatic.com simage4.pubmatic.com	113 KB
35	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	469 KB
30	media.net 1 redirects contextual.media.net adservetx.media.net lg3.media.net navvy.media.net cs.media.net	280 KB
27	pixfuture.com served-by.pixfuture.com cdn.pixfuture.com prebidserver.pixfuture.com	1 MB
23	openx.net 4 redirects pixfuture2-d.openx.net eu-u.openx.net us-u.openx.net rtb.openx.net	6 KB
22	sonobi.com apex.go.sonobi.com sync.go.sonobi.com	24 KB
14	bidswitch.net 14 redirects x.bidswitch.net	4 KB
14	adnxs.com 2 redirects ib.adnxs.com acdn.adnxs.com	61 KB
13	adsrvr.org 9 redirects match.adsrvr.org	6 KB
13	criteo.com 3 redirects gum.criteo.com mug.criteo.com dis.criteo.com	4 KB
13	wp.com i0.wp.com i1.wp.com i2.wp.com stats.wp.com pixel.wp.com	71 KB
12	clnmde.com dt.clnmde.com dt6.clnmde.com	4 KB
11	bidr.io 11 redirects match.prod.bidr.io	5 KB
9	contextweb.com 8 redirects bh.contextweb.com	6 KB
8	1rx.io 8 redirects sync.1rx.io	5 KB
8	yahoo.com 4 redirects c2shb.ssp.yahoo.com pr-bh.ybp.yahoo.com ups.analytics.yahoo.com	5 KB
7	mathtag.com 7 redirects sync.mathtag.com	4 KB
7	google.com 2 redirects adservice.google.com www.google.com	498 B
6	gstatic.com www.gstatic.com fonts.gstatic.com	80 KB
6	adform.net 5 redirects c1.adform.net	2 KB
5	everesttech.net 5 redirects sync-tm.everesttech.net	1 KB
5	googletagservices.com www.googletagservices.com	149 KB
5	sharethis.com ws.sharethis.com platform-api.sharethis.com buttons-config.sharethis.com l.sharethis.com	40 KB
4	sitescout.com 4 redirects pixel-sync.sitescout.com	2 KB
4	rfihub.com 4 redirects p.rfihub.com	3 KB
4	unrulymedia.com 3 redirects sync.targeting.unrulymedia.com	2 KB
4	google-analytics.com www.google-analytics.com google-analytics.com	38 KB
3	onaudience.com 3 redirects pixel.onaudience.com	1 KB
3	erne.co 3 redirects green.erne.co	897 B
3	w55c.net 3 redirects pm.w55c.net	2 KB
3	quantserve.com 3 redirects pixel.quantserve.com cms.quantserve.com	1 KB
3	google.de adservice.google.de	427 B
3	googleadservices.com partner.googleadservices.com	1 KB
3	akamaihd.net pxlclnmdecom-a.akamaihd.net qsearch-a.akamaihd.net	38 KB
2	advertising.com 2 redirects pixel.advertising.com	936 B
2	adhigh.net 2 redirects px.adhigh.net	1 KB
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net	1 KB
2	dotomi.com pubmatic-match.dotomi.com openx2-match.dotomi.com	207 B
2	bidtheatre.com 2 redirects match.adsby.bidtheatre.com	1 KB
2	simpli.fi 1 redirects um.simpli.fi	1 KB
2	fiftyt.com 2 redirects visitor.fiftyt.com	992 B
2	semasio.net 1 redirects uipglob.semasio.net	1 KB
2	zeotap.com mwzeom.zeotap.com spl.zeotap.com	8 KB
2	tapad.com 1 redirects pixel.tapad.com	616 B
2	taboola.com 1 redirects trc.taboola.com match.taboola.com	560 B
2	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	1 KB
2	de17a.com 2 redirects d5p.de17a.com	637 B
2	smartadserver.com 2 redirects rtb-csync.smartadserver.com	1 KB
2	programattik.com 2 redirects ads.programattik.com	1 KB
2	turn.com 2 redirects ad.turn.com	959 B
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com	1 KB
2	mgid.com 2 redirects cm.mgid.com	1 KB
2	googleapis.com fonts.googleapis.com Failed	2 KB
2	facebook.net connect.facebook.net	63 KB
1	ipredictive.com 1 redirects sync.ipredictive.com	522 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com	477 B
1	sharethrough.com 1 redirects match.sharethrough.com	354 B
1	bumlam.com 1 redirects sync.bumlam.com	680 B
1	sniperlog.ru 1 redirects sync3.sniperlog.ru	369 B
1	justpremium.com match.justpremium.com	323 B
1	gumgum.com 1 redirects rtb.gumgum.com	337 B
1	playground.xyz ads.playground.xyz
1	taptapnetworks.com 1 redirects sonata-notifications.taptapnetworks.com	314 B
1	adgrx.com cm.adgrx.com	408 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	501 B
1	rlcdn.com api.rlcdn.com	222 B
1	gravatar.com secure.gravatar.com	1 KB
1	consensu.org c.sharethis.mgr.consensu.org	1 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	6 KB
1	googletagmanager.com www.googletagmanager.com	39 KB
363	72

	Domain	Requested by
51	securityaffairs.co	securityaffairs.co
33	cm.g.doubleclick.net	16 redirects eu-u.openx.net securityaffairs.co googleads.g.doubleclick.net
20	pagead2.googlesyndication.com	cdn.pixfuture.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com securityaffairs.co www.googletagservices.com
19	sync.go.sonobi.com	securityaffairs.co
15	simage2.pubmatic.com	1 redirects image6.pubmatic.com ads.pubmatic.com
15	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
14	x.bidswitch.net	14 redirects
13	match.adsrvr.org	9 redirects cdn.pixfuture.com eu-u.openx.net
13	contextual.media.net	securityaffairs.co contextual.media.net
11	match.prod.bidr.io	11 redirects
11	ib.adnxs.com	2 redirects cdn.pixfuture.com acdn.adnxs.com
11	dt.clnmde.com	pxlclnmdecom-a.akamaihd.net securityaffairs.co
11	lg3.media.net	securityaffairs.co contextual.media.net
11	served-by.pixfuture.com	securityaffairs.co served-by.pixfuture.com pagead2.googlesyndication.com
10	cdn.pixfuture.com	served-by.pixfuture.com cdn.pixfuture.com
9	image2.pubmatic.com	1 redirects image6.pubmatic.com ads.pubmatic.com
9	us-u.openx.net	1 redirects eu-u.openx.net
9	bh.contextweb.com	8 redirects securityaffairs.co
8	sync.1rx.io	8 redirects
8	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
7	sync.mathtag.com	7 redirects
7	eu-u.openx.net	cdn.pixfuture.com eu-u.openx.net
6	c1.adform.net	5 redirects image6.pubmatic.com
6	ads.pubmatic.com	cdn.pixfuture.com ads.pubmatic.com
6	prebidserver.pixfuture.com	cdn.pixfuture.com securityaffairs.co
6	mug.criteo.com	securityaffairs.co
6	gum.criteo.com	3 redirects
5	sync-tm.everesttech.net	5 redirects
5	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
5	i1.wp.com	securityaffairs.co
4	fonts.gstatic.com	fonts.googleapis.com
4	pixel-sync.sitescout.com	4 redirects
4	rtb.openx.net	3 redirects eu-u.openx.net
4	www.google.com	2 redirects googleads.g.doubleclick.net
4	p.rfihub.com	4 redirects
4	sync.targeting.unrulymedia.com	3 redirects securityaffairs.co
4	navvy.media.net	contextual.media.net
3	pixel.onaudience.com	3 redirects
3	ups.analytics.yahoo.com	3 redirects
3	green.erne.co	3 redirects
3	pm.w55c.net	3 redirects
3	pr-bh.ybp.yahoo.com	1 redirects eu-u.openx.net ads.pubmatic.com
3	image6.pubmatic.com	ads.pubmatic.com
3	acdn.adnxs.com	cdn.pixfuture.com
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
3	partner.googleadservices.com	pagead2.googlesyndication.com
3	hbopenbid.pubmatic.com	cdn.pixfuture.com
3	pixfuture2-d.openx.net	cdn.pixfuture.com
3	apex.go.sonobi.com	cdn.pixfuture.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	i2.wp.com	securityaffairs.co
3	i0.wp.com	securityaffairs.co
2	pixel.advertising.com	2 redirects
2	px.adhigh.net	2 redirects
2	sync.crwdcntrl.net	2 redirects
2	match.adsby.bidtheatre.com	2 redirects
2	image4.pubmatic.com	ads.pubmatic.com
2	um.simpli.fi	1 redirects ads.pubmatic.com
2	visitor.fiftyt.com	2 redirects
2	uipglob.semasio.net	1 redirects ads.pubmatic.com
2	pixel.tapad.com	1 redirects image6.pubmatic.com
2	d5p.de17a.com	2 redirects
2	rtb-csync.smartadserver.com	2 redirects
2	ads.programattik.com	2 redirects
2	ad.turn.com	2 redirects
2	www.gstatic.com	googleads.g.doubleclick.net
2	pixel.quantserve.com	2 redirects
2	rtb.mfadsrvr.com	2 redirects
2	cm.mgid.com	2 redirects
2	c2shb.ssp.yahoo.com	cdn.pixfuture.com
2	l.sharethis.com	ws.sharethis.com securityaffairs.co
2	pxlclnmdecom-a.akamaihd.net	contextual.media.net pxlclnmdecom-a.akamaihd.net
2	fonts.googleapis.com	securityaffairs.co googleads.g.doubleclick.net
2	connect.facebook.net	securityaffairs.co connect.facebook.net
1	sync.ipredictive.com	1 redirects
1	spl.zeotap.com	ads.pubmatic.com
1	simage4.pubmatic.com	ads.pubmatic.com
1	cs.media.net	1 redirects
1	gcm.ctnsnet.com	1 redirects
1	cms.quantserve.com	1 redirects
1	match.sharethrough.com	1 redirects
1	sync.bumlam.com	1 redirects
1	sync3.sniperlog.ru	1 redirects
1	match.justpremium.com	eu-u.openx.net
1	openx2-match.dotomi.com	eu-u.openx.net
1	rtb.gumgum.com	1 redirects
1	ads.playground.xyz	ads.pubmatic.com
1	pubmatic-match.dotomi.com	ads.pubmatic.com
1	sonata-notifications.taptapnetworks.com	1 redirects
1	aud.pubmatic.com	ads.pubmatic.com
1	mwzeom.zeotap.com	ads.pubmatic.com
1	match.taboola.com	image6.pubmatic.com
1	trc.taboola.com	1 redirects
1	s.tribalfusion.com	image6.pubmatic.com
1	a.tribalfusion.com	1 redirects
1	cm.adgrx.com	image6.pubmatic.com
1	dsp.adfarm1.adition.com	1 redirects
1	dis.criteo.com	image6.pubmatic.com
1	api.rlcdn.com	cdn.pixfuture.com
1	dt6.clnmde.com	securityaffairs.co
1	qsearch-a.akamaihd.net	securityaffairs.co
1	pixel.wp.com	securityaffairs.co
1	secure.gravatar.com	securityaffairs.co
1	c.sharethis.mgr.consensu.org	ws.sharethis.com
1	adservetx.media.net	contextual.media.net
1	google-analytics.com	securityaffairs.co
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	stats.wp.com	securityaffairs.co
1	platform-api.sharethis.com	securityaffairs.co
1	ws.sharethis.com	securityaffairs.co
1	maxcdn.bootstrapcdn.com	securityaffairs.co
1	www.googletagmanager.com	securityaffairs.co
363	113

This site contains links to these domains. Also see Links.

Domain
play.google.com
www.trendmicro.com
i2.wp.com
www.linkedin.com
www.facebook.com
twitter.com
reddit.com
www.pinterest.com
plus.google.com
www.tumblr.com
www.cssii.unifi.it

Subject Issuer	Validity	Valid
www.securityaffairs.co GeoTrust RSA CA 2018	`2020-03-08` - `2021-04-07`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-09-22` - `2021-10-12`	a year	crt.sh
sharethis.com Amazon	`2020-08-17` - `2021-09-16`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2020-02-25` - `2021-05-26`	a year	crt.sh
*.pixfuture.com Sectigo RSA Domain Validation Secure Server CA	`2019-12-03` - `2021-12-02`	2 years	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-02-10` - `2021-05-10`	3 months	crt.sh
sharethis.mgr.consensu.org Amazon	`2020-05-05` - `2021-06-05`	a year	crt.sh
a248.e.akamai.net DigiCert Secure Site ECC CA-1	`2020-07-15` - `2021-09-13`	a year	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.clnmde.com Amazon	`2020-06-04` - `2021-07-04`	a year	crt.sh
dt6.clnmde.com Amazon	`2020-04-27` - `2021-05-27`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-18` - `2021-07-18`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-01-30` - `2021-04-28`	3 months	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2020-12-06` - `2022-01-07`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2020-12-07` - `2021-12-14`	a year	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-02-11` - `2021-08-03`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
*.googleadservices.com GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-14` - `2021-04-23`	a year	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2020-01-02` - `2021-04-02`	a year	crt.sh
*.targeting.unrulymedia.com DigiCert SHA2 Secure Server CA	`2020-05-04` - `2022-05-09`	2 years	crt.sh
*.contextweb.com DigiCert SHA2 Secure Server CA	`2020-05-07` - `2022-05-12`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-10-30` - `2021-04-27`	6 months	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2020-09-09` - `2021-03-23`	6 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.tapad.com DigiCert SHA2 Secure Server CA	`2020-10-05` - `2021-11-06`	a year	crt.sh
*.semasio.net Sectigo ECC Domain Validation Secure Server CA	`2020-03-09` - `2021-03-27`	a year	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2019-09-18` - `2021-12-12`	2 years	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh
ppx.playground.xyz Amazon	`2021-02-05` - `2022-03-06`	a year	crt.sh
tracking.justpremium.com Amazon	`2020-11-26` - `2021-12-25`	a year	crt.sh
track.adform.net DigiCert SHA2 Secure Server CA	`2019-09-16` - `2021-09-20`	2 years	crt.sh

This page contains 52 frames:

Primary Page: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Frame ID: 8DC915B01B6A05EE8303FF048B111153
Requests: 109 HTTP requests in this frame

Frame: https://c.sharethis.mgr.consensu.org/portal-v2.html
Frame ID: B8948D87CB12F9525CD909FCA8D9FE50
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24274x728x90x4142x_ADSLOT1&keywords=popular,shareit,app,is,affected,severe,flaws,yet,be,fixedsecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24274x728x90x4142x_ADSLOT1&flag=true
Frame ID: B1A39B8608D198C135CC979689501EB2
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=popular,shareit,app,is,affected,severe,flaws,yet,be,fixedsecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true
Frame ID: 44A27276A29E6EA139CAE5398D55D518
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=popular,shareit,app,is,affected,severe,flaws,yet,be,fixedsecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true
Frame ID: CA85CE280305AE4F4957FFFF8ECF99F6
Requests: 1 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24270x300x250x4142x_ADSLOT1&keywords=popular,shareit,app,is,affected,severe,flaws,yet,be,fixedsecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24270x300x250x4142x_ADSLOT1&flag=true
Frame ID: 93E9110505EE8D7772784A9D06BC99AA
Requests: 1 HTTP requests in this frame

Frame: https://pxlclnmdecom-a.akamaihd.net/javascripts/bfp_ssn.js?templateId=3
Frame ID: 468020DC5721B89E918B359CD366AAFD
Requests: 2 HTTP requests in this frame

Frame: https://cdn.pixfuture.com/djax_elastic.js
Frame ID: 1D1D8F235CF3A9A75F8162E18D7C2B0B
Requests: 22 HTTP requests in this frame

Frame: https://cdn.pixfuture.com/djax_elastic.js
Frame ID: 4A16266E79F7FAD1D3FE93258F4C3E60
Requests: 19 HTTP requests in this frame

Frame: https://cdn.pixfuture.com/djax_elastic.js
Frame ID: 59BB7CA38CD253262D4B2A3DF34F76C9
Requests: 22 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV67478.js
Frame ID: 8BB2AA287CF96F0F63226D224EFBB64B
Requests: 6 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV67478.js
Frame ID: 433DBDCEA3B40D631CA8D8D22496D4D1
Requests: 6 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV67478.js
Frame ID: 6ED6A682E88DF9584A2FA285A5C68CAF
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 58D3A51DE55AC65C55D908CFBC19EF91
Requests: 9 HTTP requests in this frame

Frame: https://contextual.media.net/4a/nrrV67478.js
Frame ID: E0E4E27D6D9AC17D3C0AC0AFB6EAD101
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: D5996DABAF2B8936819066ACEC734F19
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210211/r20190131/zrt_lookup.html
Frame ID: 77EA690FAABB9412F419538C60FF2816
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/show_ads.js
Frame ID: 84E61503E42BF7034700FDBC125CC6B6
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492128&pi=t.ma~as.1139220782&w=320&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163518&bpp=23&bdt=292&idt=310&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=2&ga_vid=1723523192.1613569164&ga_sid=1613569164&ga_hid=590709438&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1798819538&scr_x=0&scr_y=0&eid=44736623%2C21068109%2C21068495%2C21068769%2C21068893&oid=3&pvsid=1620580691959385&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.hthzlhm2xcw&fsb=1&xpc=EVWxheMNe0&p=https%3A//securityaffairs.co&dtd=335
Frame ID: DA453C0EE358F4679C7848D45C85D76B
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292
Frame ID: D242C01FEBAE49DCF27AD1D2F298B044
Requests: 14 HTTP requests in this frame

Frame: https://served-by.pixfuture.com/www/delivery/afr.php?zoneid=5529
Frame ID: A6B920A3701A239C8B68545FFA804A07
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: D8C34A156146D12517DAC59AD0293248
Requests: 25 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: D169AA5DCC312DBE5B0AC8E4FDFAA9B0
Requests: 3 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Frame ID: BD0B10804A630E397843051E69F0FBA0
Requests: 7 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 91AEFF8B3C623593D30509CA4A40A54B
Requests: 6 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: F989B10E24FD0E517675CB91F9434E94
Requests: 3 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Frame ID: AB86EDF5C53D46445DBED309E2F6F181
Requests: 7 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Frame ID: E1C733811913A6E95D8416064017F3DB
Requests: 7 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 236B656C72AE372D9353C57758C705CC
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 8850C6EC58950FE0C5A7C43B3C387AE8
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 823C119CEE3B81302389B431E4A0744B
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 0E4FF35EB779053AF277549599EC2D6D
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 4C85BF65AB9BFF98ED7C3127367B3D3C
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 1F3D27D9950216B09C73AB655EFEF653
Requests: 9 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: F4E27A0A881332D0BDADCDFBD2150F35
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1408901815299007048
Frame ID: 41BBC7DD4ABE2E5667F14F6D4223BA26
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAGgR07AWjkAABBjpTst7Q
Frame ID: 53EACB7978AAF0E01ADA7BA9F88536C9
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6930226823591753881
Frame ID: 5C103E401F4B7E255DC4C29D25B8E2E8
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=ze1MPIDzbyJHHFex1rbUWVTT
Frame ID: FDACD09A96EEF911EDE3F0F3CE4E6D29
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003
Frame ID: ABE82245B7468D512FDC6BCF52B8CF76
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: 1E64DB70385547DD77CE30D9E35F1BA2
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 2786C4263674D085D858F4F25CFFD8FC
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=8btlb0mHgz6g&pid=557219
Frame ID: 7E1D38E9986E790E3FAD0350D015E470
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=89bc7e3d-000c-455e-ac37-388e05573523-tuct726a21c&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: 3268DF202B53180D85DD4DFC1CD90BF1
Requests: 1 HTTP requests in this frame

Frame: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=PUBMATIC_RTB
Frame ID: E93AC5CD6637CB0B72B75EEF938DA1EC
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:oIAdzBXG1Lcn365&gdpr=0&gdpr_consent=
Frame ID: 4007180927D2768CEAC89233FA435949
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/d51ouiIaoe_oO0a42MWTKpyCrSNXucyUKMnav5ltGHU.js
Frame ID: 670DF4E3A1FA29CA925C300D223C0DED
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 902D3E8CB0423E45526871DE5D195BFA
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 82A4D9652086CA7B076A1F08311491FC
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 46883E06ABAAAF6058AA16B77ACC3B6E
Requests: 2 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?party=14&cid=E60952DF-2B40-48F7-9D12-884507708F09
Frame ID: ED66C9A83B8338AB95BF43EFC40253C0
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:F52397ED555947FDA31299047DF6B8F8
Frame ID: A559DA02EDA1EF5B950A12A751192DF2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

363
Requests

99 %
HTTPS

30 %
IPv6

72
Domains

113
Subdomains

71
IPs

10
Countries

4402 kB
Transfer

6768 kB
Size

1
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://play.google.com/store/apps/details?id=com.lenovo.anyshare.gps
Title: SHAREit

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.lenovo.anyshare.gps&hl=en_SG&gl=US
Title: SHAREit

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html
Title: report

Search URL Search Domain Scan URL

URL: https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/02/SHAREit.png?ssl=1

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/infosec-guide-defending-against-man-in-the-middle-attacks
Title: man-in-the-middle (MitM)

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/pub/pierluigi-paganini/b/742/559
Title: Pierluigi Paganini

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Title: Facebook

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html&text=Popular%20SHAREit%20app%20is%20affected%20by%20severe%20flaws%20yet%20to%20be%20fixed%20
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Title: Linkedin

Search URL Search Domain Scan URL

URL: http://reddit.com/submit?url=https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html&title=Popular%20SHAREit%20app%20is%20affected%20by%20severe%20flaws%20yet%20to%20be%20fixed
Title: Reddit

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html

Search URL Search Domain Scan URL

URL: http://www.pinterest.com/pin/create/button/?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&media=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Fwp-includes%2Fimages%2Fmedia%2Fdefault.png

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share/link?url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html

Search URL Search Domain Scan URL

URL: https://www.cssii.unifi.it/vp-89-il-center.html

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 115

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1 HTTP 302
https://mug.criteo.com/sid?cpp=NxKZ9nw1WmRRbkU5ZzdrSVhQOW1sVzdjNFQ2ZnJLdXk1cU9wNGFYWTZadEhQSVQyMGI3WmExYTQ1UkQ1TWxtMlYwRmxqWE5zMjk0a0FnRXVjek5reE1WUmMrZ05uUXp3SDRKdGQ5Q0RHK0dxTDRqTDBLbWVaYVpVM0c5YjJzTjVMV2FVWk1taXhiZkhiWWgwZlNiODlxMTNtamsvS1dTMThSZm1ETmtsMXRiUUFWWEI1NHhaWmJQZU40R0g4Z0E3b0lZejZaWHlPUS9vNldxYk0wRksyb3J4eS9SbU9tYjJMVkdNQjBxSTZWTzBWb3pNPXw&cppv=2

Request Chain 121

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1 HTTP 302
https://mug.criteo.com/sid?cpp=xU4t1Hxua3pkcW9KVnJsRnY5Z3drcUd0U2t4aVZ4RWNWRHhzRDM4QTZxSnpabElvUUs5OEhYVHhNZENtNmowbDJ0aVMrQWg2WThqY3NKeGZLM3pKY2pia2ZsL0dTQlVqZTlqZ0prSUt6U0w3Yi93d2NXRDBqN1ZTN1dpWEFKeTRKY3Z4V1plbHRGbjVrUGlMNWhRN1pEYzRrczhydkR2R3NIbXR2SUNiTGJYNWRieDBJdm45S2dYM1ZhcEVhZFlDTFA4SmRRZnVvQnFwM3k3QmlwVEp3UWlERmlCa0dIR240YXg2R2Vrd3Ixaml0eU1vPXw&cppv=2

Request Chain 132

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1 HTTP 302
https://mug.criteo.com/sid?cpp=sSagG3xlZVl0bGdQRDBpMytoMnRGNk9wd2RqMUVoTXRJNkpCekpvS1NwelMzaUxwRU93TTBGNDMvR0dHR1Fmc3FiczRobEw5dmdJOVJ5NkdxS1MxMjVKT01pWTJOWVZLdHVsSWNxclEwWnJablFTR1lZTm5yWjVidWltVWs2eUFMSkpxRDhRWkxRWU9sakFLaGJTOXRlbG5YYXJOcHhEZFZKRlVhUkZpVHBuMTd6bGc1U2hVWis3Yk1kTVBLWlNhdzYrK3lyS090T2Z5S0svM1hlMDNVRDNZZHBHVlYwZEpVUVdadFlBRkFhc0JnaGtvPXw&cppv=2

Request Chain 161

https://cm.mgid.com/m?cdsp=363893&adu=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Dmgid%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%7Bmuidn%7D HTTP 301
https://prebidserver.pixfuture.com:8000/setuid?bidder=mgid&gdpr=1&gdpr_consent=&uid=l1hnnouUUeD5

Request Chain 170

https://cm.mgid.com/m?cdsp=363893&adu=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Dmgid%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%7Bmuidn%7D HTTP 301
https://prebidserver.pixfuture.com:8000/setuid?bidder=mgid&gdpr=1&gdpr_consent=&uid=l1hnjEGzNSD5

Request Chain 195

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=250&slotname=1680648786&adk=1022037533&adf=1357492129&pi=t.ma~as.1680648786&w=300&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&ea=0&flash=0&wgl=1&dt=1613569163758&bpp=5&bdt=199&idt=265&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=23&ife=1&pv=1&ga_vid=1166945294.1613569164&ga_sid=1613569164&ga_hid=1844072684&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=0&ish=0&ifk=2555592985&scr_x=0&scr_y=0&eid=42530672%2C44736377%2C21068083%2C21068769%2C21068893%2C21068945&oid=3&pvsid=2164766191774230&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C0&vis=1&rsz=%7C%7CEr%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.1pzxi39q7cho&fsb=1&dtd=272 HTTP 302
https://served-by.pixfuture.com/www/delivery/afr.php?zoneid=5529

Request Chain 202

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4299626249 HTTP 302
https://sync.1rx.io/usersync/tradedesk/25cdaedb-1c69-42ce-aa53-86f520887a6e HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Drhythmxchange%26nuid%3DRX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003

Request Chain 203

https://x.bidswitch.net/sync?ssp=sonobi HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05&google_hm=ZGUzOGJjOTMtNDZhZC00YjRlLTkxZjQtZTMzZjlmZTZmYzA1 HTTP 302
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEJJNaHg31_FqkQzixY6LYgg&google_cver=1&ssp=sonobi&bsw_param=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05

Request Chain 204

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=td&nuid=25cdaedb-1c69-42ce-aa53-86f520887a6e&pubid=0b24fdfc82

Request Chain 205

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e206602d-1c8c-4800-aac6-ee0a474da9ca

Request Chain 206

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=YTgwODMwNTAtOTg0NC00MGE1LWJmZjgtNjRkZjkzNTZjZGE3 HTTP 302
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEGxjy0B9hULZMH8qfu-CqT4&google_cver=1

Request Chain 207

https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1870471592605931821

Request Chain 208

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=a8083050-9844-40a5-bff8-64df9356cda7&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=elhxODhYdnlaSHJSbE1DckY5d0NFQQ&gdpr=&gdpr_consent= HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESENfQn20TTtCSQ7E5g5mkGNM&google_cver=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=XQYJ3vW0TQDK

Request Chain 210

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=td&nuid=25cdaedb-1c69-42ce-aa53-86f520887a6e&pubid=0b24fdfc82

Request Chain 211

https://x.bidswitch.net/sync?ssp=sonobi HTTP 302
https://p.rfihub.com/cm?in=1&pub=20513&ssp=sonobi HTTP 302
https://x.bidswitch.net/sync?dsp_id=119&user_id=875739024248918103&expires=30&ssp=sonobi HTTP 302
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05

Request Chain 212

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e206602d-1c8c-4800-aac6-ee0a474da9ca

Request Chain 213

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1111807461 HTTP 302
https://sync.1rx.io/usersync/tradedesk/25cdaedb-1c69-42ce-aa53-86f520887a6e HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003

Request Chain 214

https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1870471592605931847

Request Chain 215

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=YTgwODMwNTAtOTg0NC00MGE1LWJmZjgtNjRkZjkzNTZjZGE3 HTTP 302
https://sync.go.sonobi.com/usg.gif?google_gid=CAESECSNJ8OYQWXOaZ4AuU56TMQ&google_cver=1

Request Chain 216

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=a8083050-9844-40a5-bff8-64df9356cda7&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=WnhfT1JsMWVMOHB5cnpSMG0wa2NSZw&gdpr=&gdpr_consent= HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESENfQn20TTtCSQ7E5g5mkGNM&google_cver=1

Request Chain 225

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e206602d-1c8c-4800-aac6-ee0a474da9ca

Request Chain 226

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=td&nuid=25cdaedb-1c69-42ce-aa53-86f520887a6e&pubid=0b24fdfc82

Request Chain 227

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=YTgwODMwNTAtOTg0NC00MGE1LWJmZjgtNjRkZjkzNTZjZGE3 HTTP 302
https://sync.go.sonobi.com/usg.gif?google_gid=CAESECSNJ8OYQWXOaZ4AuU56TMQ&google_cver=1

Request Chain 228

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=361812077 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=361812077 HTTP 302
https://sync.1rx.io/usersync/tradedesk/68730136-77c8-4508-ba14-7a73f5852f12 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-dde3ab3a-abd6-4862-9305-cd7211674471-003?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Drhythmxchange%26nuid%3DRX-dde3ab3a-abd6-4862-9305-cd7211674471-003 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-dde3ab3a-abd6-4862-9305-cd7211674471-003

Request Chain 229

https://x.bidswitch.net/sync?ssp=sonobi HTTP 302
https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=sonobi&bsw_user_id=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05 HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=sonobi&bsw_user_id=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05 HTTP 302
https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=9133ac4c-aeb7-443a-a625-3bdbcb5917c9&ssp=sonobi HTTP 302
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05

Request Chain 230

https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1875819617197096921

Request Chain 231

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=a8083050-9844-40a5-bff8-64df9356cda7&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=N25kMzNZRkJxWkNET0M3WEx6X1hEZw&gdpr=&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm=&google_sc=&google_hm=N25kMzNZRkJxWkNET0M3WEx6X1hEZw&gdpr=&gdpr_consent=&google_tc= HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEKkq37br_NLBFh7jbtdWDaE&google_cver=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=CvmD10I4KqA5

Request Chain 235

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=e206602d-1c8c-4800-aac6-ee0a474da9ca

Request Chain 236

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=VlXGJVEGzCJNB8ZwUwDZcARXzCdNUcV1UFBrHy4L

Request Chain 237

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=748800383688539734

Request Chain 240

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELgBZU1020YCjw1O1UQDr_Q&google_cver=1

Request Chain 260

https://ad.turn.com/r/cs?pid=9&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537073061&val=4166112801591774730&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 261

https://rtb.openx.net/sync/dds HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_hm=Kx7Hx4TKyzYF8A5ir1-rqQ==&ox_sc=1&ox_init=1 HTTP 302
https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1

Request Chain 263

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=oIAdzBXG1Lcn365

Request Chain 264

https://x.bidswitch.net/sync?ssp=openx HTTP 302
https://ads.programattik.com/sync?ssp=bidswitch&bidswitch_ssp_id=openx HTTP 302
https://ads.programattik.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=openx HTTP 302
https://x.bidswitch.net/sync?dsp_id=156&expires=14&user_id=c775c75e-a44a-48a2-ba96-662d8457657b&ssp=openx HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072968&val=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05

Request Chain 265

https://match.prod.bidr.io/cookie-sync/ox HTTP 303
https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFHZ1IwN0FXamtBQUJCanBUc3Q3UQ&bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAGgR07AWjkAABBjpTst7Q&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Csas%252Cox%26bee_sync_current_partner%3Dpm%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Csas%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAGgR07AWjkAABBjpTst7Q&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cox%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cox&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AAGgR07AWjkAABBjpTst7Q&pid=558502&do=add HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAGgR07AWjkAABBjpTst7Q&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4%26userid%3DSMART_USER_ID HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=ox&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=4&userid=987206037093635011 HTTP 303
https://us-u.openx.net/w/1.0/sd?id=537125688&val=AAGgR07AWjkAABBjpTst7Q

Request Chain 273

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1408901815299007048

Request Chain 274

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFHejMwN0FXamtBQUJBUzdtc0phZw&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAGz307AWjkAABAS7msJag&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAGz307AWjkAABAS7msJag&pid=558502&do=add HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAGgR07AWjkAABBjpTst7Q&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=5223108947134010363 HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAGgR07AWjkAABBjpTst7Q

Request Chain 275

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6930226823591753881

Request Chain 276

https://green.erne.co/pubmatic/cm HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=ze1MPIDzbyJHHFex1rbUWVTT

Request Chain 277

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003&rndcb=620008433 HTTP 302
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=adconductor HTTP 302
https://x.bidswitch.net/sync?dsp_id=70&user_id=748800383688539734&ssp=adconductor HTTP 302
https://sync.1rx.io/usersync/bidswitch/de38bc93-46ad-4b4e-91f4-e33f9fe6fc05?gdpr=&gdpr_consent= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003

Request Chain 279

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}

Request Chain 280

https://bh.contextweb.com/bh/rtset?pid=557219&ev=1&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&piggybackCookie=%%VGUID%% HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=8btlb0mHgz6g&pid=557219

Request Chain 281

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=89bc7e3d-000c-455e-ac37-388e05573523-tuct726a21c&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0

Request Chain 282

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxODQmdGw9MTU3NjgwMA==&r=https://pixel.tapad.com/idsync/ex/receive?partner_id=PUBMATIC_RTB&partner_device_id=${PUBMATIC_UID} HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=PUBMATIC_RTB HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=PUBMATIC_RTB

Request Chain 283

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:oIAdzBXG1Lcn365&gdpr=0&gdpr_consent=

Request Chain 284

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=5glS3ytASPedEohFB3CPCQ%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 286

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=E60952DF-2B40-48F7-9D12-884507708F09&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=E60952DF-2B40-48F7-9D12-884507708F09&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 287

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=E60952DF-2B40-48F7-9D12-884507708F09&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=E60952DF-2B40-48F7-9D12-884507708F09&gdpr=&fbounce=1 HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=E60952DF-2B40-48F7-9D12-884507708F09&addseg=31

Request Chain 288

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RTYwOTUyREYtMkI0MC00OEY3LTlEMTItODg0NTA3NzA4RjA5&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 289

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESED77e1pglK8XWemkl5xzF5U&google_cver=1

Request Chain 291

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=748800383688539734

Request Chain 292

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=25cdaedb-1c69-42ce-aa53-86f520887a6e

Request Chain 293

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&gdpr=0&gdpr_consent=

Request Chain 294

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=910849219510724670&gdpr=0&gdpr_consent=

Request Chain 295

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=E60952DF-2B40-48F7-9D12-884507708F09&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-SpCEjXB1l2LCDbbMjKiZTCMCjUVYSj8-&gdpr=0&gdpr_consent=

Request Chain 297

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=udyigL6PqIeijqLVvIm91eveqIKi2KHQv9ln-pGS

Request Chain 298

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://sonata-notifications.taptapnetworks.com/web/cookie/bidswitch/sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05&gdpr=0&gdpr_consent=&gdpr_pd= HTTP 302
https://x.bidswitch.net/sync?dsp_id=413&ssp=pubmatic&user_id=csonata_aa6eaed4-eecb-431e-9993-1d03aa861147&bsw_param=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05&expires=10 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=413&ssp=pubmatic&user_id=csonata_aa6eaed4-eecb-431e-9993-1d03aa861147&bsw_param=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05&expires=10 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=aac71abd-271b-46ef-a84a-f464090361bb&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 299

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4166112801591774730&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 300

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YC0ckAAAALSK8FZV HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YC0ckAAAALSK8FZV&gdpr=0&gdpr_consent=&_test=YC0ckAAAALSK8FZV

Request Chain 301

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=6b3ff109-d5b4-4d00-a46d-57a113c97e89-602d1c8e-4348&gdpr=0&gdpr_consent=

Request Chain 302

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:805cc105-a899-4548-9c14-25a81c1c7ec7&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 305

https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_d574ea0e-5539-4ab0-ac87-661fde849d38

Request Chain 310

https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=910849219510724670

Request Chain 312

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=4&gdpr=0 HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=4&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072977&val=6b3ff109-d5b4-4d00-a46d-57a113c97e89-602d1c8e-4348&gdpr=0&gdpr_consent=

Request Chain 314

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D&_test=YC0ckAAAAGSMBVZV HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YC0ckAAAAGSMBVZV&_test=YC0ckAAAAGSMBVZV HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=YC0ckAAAAGSMBVZV&_test=YC0ckAAAAGSMBVZV

Request Chain 315

https://green.erne.co/openx/cm HTTP 302
https://pixel.onaudience.com/?mapped=qmys22DFkosH4iMputksWVTT&partner=2&redirect=green.erne.co%2Fct%2Fcm%3Fred%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072998%2526rtb%253Dqmys22DFkosH4iMputksWVTT HTTP 302
https://sync.crwdcntrl.net/map/c=14544/tp=BIDB?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26redirect%3Dhttps%253A%252F%252Fgreen.erne.co%252Fct%252Fcm%253Fred%253Dhttps%25253A%25252F%25252Fus-u.openx.net%25252Fw%25252F1.0%25252Fsd%25253Fid%25253D537072998%252526rtb%25253Dqmys22DFkosH4iMputksWVTT HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=14544/tp=BIDB?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26redirect%3Dhttps%253A%252F%252Fgreen.erne.co%252Fct%252Fcm%253Fred%253Dhttps%25253A%25252F%25252Fus-u.openx.net%25252Fw%25252F1.0%25252Fsd%25253Fid%25253D537072998%252526rtb%25253Dqmys22DFkosH4iMputksWVTT HTTP 302
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=5eec6efa0886ba6a6965b826f30379d1&redirect=https%3A%2F%2Fgreen.erne.co%2Fct%2Fcm%3Fred%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072998%2526rtb%253Dqmys22DFkosH4iMputksWVTT HTTP 302
https://green.erne.co/ct/cm?red=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072998%26rtb%3Dqmys22DFkosH4iMputksWVTT HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072998&rtb=qmys22DFkosH4iMputksWVTT

Request Chain 319

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEP4zPCeHk9MtdozzGQWV6lE&google_cver=1&google_push=AQvitUJtpXOYFOW21aon4aFrTrOdxDZXDtdojD4yr8gaHvrSPAgI-9Gn_TbxxiF4o0iVG0032Q5F4lv8XXH2dHSC-iLTT_bkBbA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=4gZgLRyMSACqxu4KR02pyg&google_push=AQvitUJtpXOYFOW21aon4aFrTrOdxDZXDtdojD4yr8gaHvrSPAgI-9Gn_TbxxiF4o0iVG0032Q5F4lv8XXH2dHSC-iLTT_bkBbA

Request Chain 320

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEBtXqKWsa1ESoqYLusm5MOE&google_cver=1&google_push=AQvitUL4gnzYEGvQYIkG5bDwxYCOKhh1L2ig5LMcqO43uVjRmZefrn2WiQhTlENodLTBl-Hzg3R8cVSmPzYHwhcvPAvcNR-BVQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBtXqKWsa1ESoqYLusm5MOE&google_push=AQvitUL4gnzYEGvQYIkG5bDwxYCOKhh1L2ig5LMcqO43uVjRmZefrn2WiQhTlENodLTBl-Hzg3R8cVSmPzYHwhcvPAvcNR-BVQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBtXqKWsa1ESoqYLusm5MOE&google_push=AQvitUL4gnzYEGvQYIkG5bDwxYCOKhh1L2ig5LMcqO43uVjRmZefrn2WiQhTlENodLTBl-Hzg3R8cVSmPzYHwhcvPAvcNR-BVQ&google_tc=

Request Chain 321

https://px.adhigh.net/p/gm/rub?google_gid=CAESEA4Ejsiy0NIoamuayEEn53o&google_cver=1&google_push=AQvitUKm5tHlgRBYNy85G1kqM4Fi2h1W_vUs6cJxICaAlw1xerGYHsq37ZIr89AScgDLPX8PmLHwvv5G1wLjI_4FMKCk2CPSd04 HTTP 302
https://px.adhigh.net/p/gm/rub?google_gid=CAESEA4Ejsiy0NIoamuayEEn53o&google_cver=1&google_push=AQvitUKm5tHlgRBYNy85G1kqM4Fi2h1W_vUs6cJxICaAlw1xerGYHsq37ZIr89AScgDLPX8PmLHwvv5G1wLjI_4FMKCk2CPSd04&bounced=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AQvitUKm5tHlgRBYNy85G1kqM4Fi2h1W_vUs6cJxICaAlw1xerGYHsq37ZIr89AScgDLPX8PmLHwvv5G1wLjI_4FMKCk2CPSd04&google_hm=QKRp6xh0lUcAAikABlF3sDd3cw%3D%3D

Request Chain 322

https://sync3.sniperlog.ru/?src=ggl_nga&google_gid=CAESEHeJQ6ydtFa92Jt3zhrdo94&google_cver=1&google_push=AQvitUJRnHK0zjUci_KKGSJ449D7vuCzCuNh4jKNM775tAbvkth-seCaqLpT2YGGPpDakqtw1UZjZ6xphqOzZ7lhVU3vloqTB8E HTTP 301
https://sync.bumlam.com/?src=ggl_nga&google_gid=CAESEHeJQ6ydtFa92Jt3zhrdo94&google_cver=1&google_push=AQvitUJRnHK0zjUci_KKGSJ449D7vuCzCuNh4jKNM775tAbvkth-seCaqLpT2YGGPpDakqtw1UZjZ6xphqOzZ7lhVU3vloqTB8E HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AQvitUJRnHK0zjUci_KKGSJ449D7vuCzCuNh4jKNM775tAbvkth-seCaqLpT2YGGPpDakqtw1UZjZ6xphqOzZ7lhVU3vloqTB8E

Request Chain 323

https://rtb.openx.net/sync/dds?google_gid=CAESENe_h-jGA-CNc5NissHNf-c&google_cver=1&google_push=AQvitULBfQwjMJ-g67J5AipGohU2X7f2YwYUlIAn_J7jkv0O49sXD5bJVlH-O7xveZnee9JGMeAcL05kc33e_O48a5TypIbL1Rc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULBfQwjMJ-g67J5AipGohU2X7f2YwYUlIAn_J7jkv0O49sXD5bJVlH-O7xveZnee9JGMeAcL05kc33e_O48a5TypIbL1Rc&google_hm=Kx7Hx4TKyzYF8A5ir1-rqQ==

Request Chain 324

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEFZuizbzwveL0JJzk_Fk1CA&google_cver=1&google_push=AQvitUJl4Sn0z0Gredx9qu2qZGE-oMrwJpWNZEVUL7G0pTDJosfF6Uy0IF_Zg3TOiIeYUvQbOQ61cYCUbnAhxr1nNNd3uwy-e1df HTTP 302
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEFZuizbzwveL0JJzk_Fk1CA&google_cver=1&google_push=AQvitUJl4Sn0z0Gredx9qu2qZGE-oMrwJpWNZEVUL7G0pTDJosfF6Uy0IF_Zg3TOiIeYUvQbOQ61cYCUbnAhxr1nNNd3uwy-e1df&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEFZuizbzwveL0JJzk_Fk1CA&google_cver=1&google_push=AQvitUJl4Sn0z0Gredx9qu2qZGE-oMrwJpWNZEVUL7G0pTDJosfF6Uy0IF_Zg3TOiIeYUvQbOQ61cYCUbnAhxr1nNNd3uwy-e1df&apid=UP90ff221c-7125-11eb-ab73-06fdcdad5690 HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEFZuizbzwveL0JJzk_Fk1CA&google_cver=1&google_push=AQvitUJl4Sn0z0Gredx9qu2qZGE-oMrwJpWNZEVUL7G0pTDJosfF6Uy0IF_Zg3TOiIeYUvQbOQ61cYCUbnAhxr1nNNd3uwy-e1df&apid=UP90ff221c-7125-11eb-ab73-06fdcdad5690&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA5MGZmMjIxYy03MTI1LTExZWItYWI3My0wNmZkY2RhZDU2OTA%3D&google_push=AQvitUJl4Sn0z0Gredx9qu2qZGE-oMrwJpWNZEVUL7G0pTDJosfF6Uy0IF_Zg3TOiIeYUvQbOQ61cYCUbnAhxr1nNNd3uwy-e1df

Request Chain 325

https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEA6dGcCXh-_usPyGFPx3PnE&google_cver=1&google_push=AQvitUK91_dxWnQHWxvYWsuz2wiUlC0ZGQb3p10QPExq3945d1P8qKG1GxtR46ujtdr4hk5Yy2WNdhldfnCHsMjzfmMSDAGuNH-- HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=OTVlZjQyNDMtYTIwMC00ZGEwLWIxMDAtYWU5ZTU2MmMzM2Jm&google_push=AQvitUK91_dxWnQHWxvYWsuz2wiUlC0ZGQb3p10QPExq3945d1P8qKG1GxtR46ujtdr4hk5Yy2WNdhldfnCHsMjzfmMSDAGuNH--

Request Chain 328

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 331

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPmyFuP_rf5KQkvIO4Tr0pk&google_cver=1&google_push=AQvitUJK5PoYLehvG_5oA3zdODvzh402gHAePPm7nSgk1p6t8wPUUgYO9GooRfDNHeV0BMHgLaIUwciO8vJYG6H0vS8yst2KJY4 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJK5PoYLehvG_5oA3zdODvzh402gHAePPm7nSgk1p6t8wPUUgYO9GooRfDNHeV0BMHgLaIUwciO8vJYG6H0vS8yst2KJY4&google_hm=EPzorJ3fB3l-Ci1hj_VqdA

Request Chain 332

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEP-UcFVyFZGkX0L86reW_sY&google_cver=1&google_push=AQvitUJdJL1GbNfalgIz6y7CLfogAY_S2M5y39fwituzk5Ly6uA8CjMBCbqyCo-zuMBvc_m38RkF8VCEWW6eZskQpGneQrnkDWA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AQvitUJdJL1GbNfalgIz6y7CLfogAY_S2M5y39fwituzk5Ly6uA8CjMBCbqyCo-zuMBvc_m38RkF8VCEWW6eZskQpGneQrnkDWA&google_hm=pa129clUQJm50uy2CW6pzbs

Request Chain 333

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEFtnNhgTFCHEgPOl5QmuODg&google_cver=1&google_push=AQvitUJSEogQxuRpqZQQ0d9ZBFhFHKw1HC22RWFCEj9EmD_rQSEtmat89VgT-MQSA-55T_UevpjgNr49kXj-HiLvrn2hacBwyEk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AQvitUJSEogQxuRpqZQQ0d9ZBFhFHKw1HC22RWFCEj9EmD_rQSEtmat89VgT-MQSA-55T_UevpjgNr49kXj-HiLvrn2hacBwyEk

Request Chain 334

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEEjy1qvn80B45YyBmk-EzQo&google_cver=1&google_push=AQvitUKmgbtOb-wly1GAL5aTYEW_ig8zUR-GMuDywWzUUtkqosfyUdWUSkpdm2ai1TJmBqmhIOS-2zsK8arjirRL02LjiSa03Hs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUKmgbtOb-wly1GAL5aTYEW_ig8zUR-GMuDywWzUUtkqosfyUdWUSkpdm2ai1TJmBqmhIOS-2zsK8arjirRL02LjiSa03Hs&google_hm=NzY1MDA1ODY4MDM4NDU3OTg4Mg%3D%3D

Request Chain 335

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEAcaQBRhb4NciesPuGkLJJ0&google_cver=1&google_push=AQvitULK71F7QTBioCVwEITahoiCGY9pX0lxt3MpVLHD5Ua9fy710fG7SwCIRFsatd6zldRcfWu93L7t7Wzdf157KfFx8Y1Pdfo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzQ4ODAwMzgzNjg4NTM5NzM0&google_push=AQvitULK71F7QTBioCVwEITahoiCGY9pX0lxt3MpVLHD5Ua9fy710fG7SwCIRFsatd6zldRcfWu93L7t7Wzdf157KfFx8Y1Pdfo

Request Chain 336

https://rtb.openx.net/sync/dds?google_gid=CAESENq_Odign8hb6SmPerwXvo8&google_cver=1&google_push=AQvitULPrJJ9-cyj1iatPVod1DfhjXAzMOhrr9cqc-rPcQ16knKyV5q6ElExZhUfxERWMtpvXGPSqtX1GAfoqfHQxU6-NClEvcQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULPrJJ9-cyj1iatPVod1DfhjXAzMOhrr9cqc-rPcQ16knKyV5q6ElExZhUfxERWMtpvXGPSqtX1GAfoqfHQxU6-NClEvcQ&google_hm=Kx7Hx4TKyzYF8A5ir1-rqQ==

Request Chain 337

https://cs.media.net/cksync?type=g&google_gid=CAESEHTyXqjze3LR7uL6OHurPbM&google_cver=1&google_push=AQvitUJIlUxJBSHuBuWRa8D818-kjFBMoSx6INbt7nPvaklE4HIRl9sxe60mod71_1tUB8yyD9Ldp6wjJicVhR3aAliwEiHCCNU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjU2NTcwNzY1NTM1NjM1MDAwMFYxMA%3d%3d&mn_hm=MjU2NTcwNzY1NTM1NjM1MDAwMFYxMA%3d%3d&google_sc=1&google_push=AQvitUJIlUxJBSHuBuWRa8D818-kjFBMoSx6INbt7nPvaklE4HIRl9sxe60mod71_1tUB8yyD9Ldp6wjJicVhR3aAliwEiHCCNU

Request Chain 340

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 362

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:F52397ED555947FDA31299047DF6B8F8

Request Chain 363

https://pixel.onaudience.com/?partner=214&mapped=E60952DF-2B40-48F7-9D12-884507708F09 HTTP 302
https://spl.zeotap.com/?zdid=1332&zcluid=4e7d44f52a2b2ae8

Request Chain 364

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=e206602d-1c8c-4800-aac6-ee0a474da9ca

Request Chain 365

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=8f246df9-7125-11eb-8024-1b29d755e37f&gdpr=0&gdpr_consent=

363 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request shareit-app-flaw.html Show response
securityaffairs.co/wordpress/114636/mobile-2/ 87 KB
23 KB 1386ms
1351ms Document
text/html 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache / PHP/7.2.34
Resource Hash: 4e5197b0adf42cb8d5d91c2498ea5ee54c911f111ea2a3ad3ac623bc4a941dea

Request headers

:method: GET
:authority: securityaffairs.co
:scheme: https
:path: /wordpress/114636/mobile-2/shareit-app-flaw.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Wed, 17 Feb 2021 13:39:19 GMT
server: Apache
x-powered-by: PHP/7.2.34
x-pingback: https://securityaffairs.co/wordpress/xmlrpc.php
link: <https://securityaffairs.co/wordpress/wp-json/>; rel="https://api.w.org/", <https://securityaffairs.co/wordpress/wp-json/wp/v2/posts/114636>; rel="alternate"; type="application/json", <https://securityaffairs.co/wordpress/?p=114636>; rel=shortlink
set-cookie: cookielawinfo-checkbox-necessary=yes; expires=Wed, 17-Feb-2021 14:39:20 GMT; Max-Age=3600; path=/ cookielawinfo-checkbox-non-necessary=yes; expires=Wed, 17-Feb-2021 14:39:20 GMT; Max-Age=3600; path=/
content-encoding: gzip

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
39 KB 50ms
22ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-59069958-1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8c20205eb1af2fc08002b5afb088671f231100de7eab457f2e69d5aa934fb1d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:20 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39196
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Feb 2021 13:39:20 GMT

GET
H2 200 style.css
securityaffairs.co/wordpress/wp-includes/css/dist/block-library/ 61 KB
61 KB 45ms
37ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/css/dist/block-library/style.css?ver=688ce3e49e5ecefa1cd650833f2ac646
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 8c43e551763d3628fab88767caacb3188f69afa8d1290cf3f9d61ab09cb56073

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:20 GMT
last-modified: Wed, 09 Dec 2020 23:30:59 GMT
server: Apache
accept-ranges: bytes
etag: "f520-5b61073a99e2a"
content-length: 62752
content-type: text/css

GET
H2 200 cookie-law-info-public.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 3 KB
3 KB 63ms
55ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=1.9.5
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b8fa20af264fcdd99621fc4e3a770927452b0fe382599e0d890a3bfa31152f80

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:20 GMT
last-modified: Wed, 16 Dec 2020 23:05:49 GMT
server: Apache
accept-ranges: bytes
etag: "c25-5b69cea81443a"
content-length: 3109
content-type: text/css

GET
H2 200 cookie-law-info-gdpr.css
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/ 27 KB
27 KB 58ms
49ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=1.9.5
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: d44b68c7b3e659196a6a72662f4e2e903044d6e64a6a5c0002602711cd68a8fa

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:20 GMT
last-modified: Wed, 16 Dec 2020 23:05:49 GMT
server: Apache
accept-ranges: bytes
etag: "6cdf-5b69cea81443a"
content-length: 27871
content-type: text/css

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 23 KB
6 KB 34ms
10ms Stylesheet
text/css 2001:4de0:ac19::1:b:3b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=688ce3e49e5ecefa1cd650833f2ac646

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:3b , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 12 Dec 2018 18:35:19 GMT
etag: "1544639719"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 5442

GET
H2 200 frontend.css
securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/css/ 7 KB
7 KB 64ms
56ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/css/frontend.css?ver=1613569160
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 24583638f8c4bd2d5dff22bddefbb24f8d047868e71ad2c029b1698b6926c85c

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:20 GMT
last-modified: Wed, 10 Feb 2021 22:39:15 GMT
server: Apache
accept-ranges: bytes
etag: "1c69-5bb0312a4205b"
content-length: 7273
content-type: text/css

GET
H2 200 custom.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/ 19 KB
20 KB 65ms
58ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jqueryui/custom.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:20 GMT
last-modified: Wed, 16 Dec 2015 13:54:59 GMT
server: Apache
accept-ranges: bytes
etag: "4d92-52704407f72c0"
content-length: 19858
content-type: text/css

GET
H2 200 tipsy.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 539 B
683 B 59ms
52ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/tipsy.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:20 GMT
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: Apache
accept-ranges: bytes
etag: "21b-526fe6d7cd700"
content-length: 539
content-type: text/css

GET
H2 200 flexslider.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 6 KB
6 KB 64ms
57ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/flexslider.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:20 GMT
last-modified: Wed, 16 Dec 2015 13:55:09 GMT
server: Apache
accept-ranges: bytes
etag: "1851-5270441180940"
content-length: 6225
content-type: text/css

GET
H2 200 mediaelementplayer-legacy.min.css
securityaffairs.co/wordpress/wp-includes/js/mediaelement/ 11 KB
11 KB 60ms
52ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:20 GMT
last-modified: Wed, 09 Dec 2020 23:31:00 GMT
server: Apache
accept-ranges: bytes
etag: "2bf8-5b61073af996a"
content-length: 11256
content-type: text/css

GET
H2 200 animation.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 2 KB
2 KB 72ms
18ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/animation.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "6b4-526fe6d5e5280"
content-length: 1716
content-type: text/css

GET
H2 200 font-awesome.min.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 17 KB
18 KB 80ms
19ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "4574-526fe6d5e5280"
content-length: 17780
content-type: text/css

GET
H2 200 swipebox.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 4 KB
5 KB 82ms
21ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/swipebox.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: Apache
accept-ranges: bytes
etag: "118d-526fe6e527680"
content-length: 4493
content-type: text/css

GET
H2 200 jquery.circliful.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 334 B
478 B 81ms
20ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/jquery.circliful.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 16 Dec 2015 06:58:02 GMT
server: Apache
accept-ranges: bytes
etag: "14e-526fe6d5e5280"
content-length: 334
content-type: text/css

GET
H2 200 screen.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 110 KB
110 KB 84ms
20ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/screen.css?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 16 Dec 2015 06:58:04 GMT
server: Apache
accept-ranges: bytes
etag: "1b844-526fe6d7cd700"
content-length: 112708
content-type: text/css

GET
H2 200 custom-css.php
securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/ 12 KB
12 KB 131ms
59ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/templates/custom-css.php?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache / PHP/7.2.34
Resource Hash: 18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
server: Apache
x-powered-by: PHP/7.2.34
content-type: text/css; charset: UTF-8;charset=UTF-8

GET
H2 200 grid.css
securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/ 49 KB
50 KB 91ms
27ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/grid.css?ver=688ce3e49e5ecefa1cd650833f2ac646
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 16 Dec 2015 06:58:03 GMT
server: Apache
accept-ranges: bytes
etag: "c5f2-526fe6d6d94c0"
content-length: 50674
content-type: text/css

GET
H2 200 chartist.min.css
securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/css/ 11 KB
11 KB 84ms
24ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/css/chartist.min.css?ver=10.2.2&mtime=1613260285
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: b1e1b2a8b8f94f9d87c7c5bbfd84da8ed35719741ff8892c7e471a286a1391b6

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Sat, 13 Feb 2021 23:51:25 GMT
server: Apache
accept-ranges: bytes
etag: "2cf8-5bb406e3f66b9"
content-length: 11512
content-type: text/css

GET
H2 200 chartist-plugin-legend.css
securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/css/ 1 KB
2 KB 84ms
20ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/css/chartist-plugin-legend.css?ver=10.2.2&mtime=1613260285
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: a3e61a3c6e1a2e7ba11610657d76df363bb97f437d3c938e86123cbe2d41a649

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Sat, 13 Feb 2021 23:51:25 GMT
server: Apache
accept-ranges: bytes
etag: "583-5bb406e3f66b9"
content-length: 1411
content-type: text/css

GET
H2 200 frontend-gtag.js Show response
securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/ 22 KB
23 KB 105ms
25ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.js?ver=1613569160
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: bdec2cf98067424804869b7686735623c4f6fb88ce27718d27619860481b7733

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 10 Feb 2021 22:39:15 GMT
server: Apache
accept-ranges: bytes
etag: "596d-5bb0312a4dbdb"
content-length: 22893
content-type: application/javascript

GET
H2 200 jquery.js Show response
securityaffairs.co/wordpress/wp-includes/js/jquery/ 281 KB
281 KB 106ms
26ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery.js?ver=3.5.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 86f937a29eaee70aaf9935799a414bea46c62fb136cc0465f63f9d6820cf4982

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 09 Dec 2020 23:31:00 GMT
server: Apache
accept-ranges: bytes
etag: "463a2-5b61073af5aea"
content-length: 287650
content-type: application/javascript

GET
H2 200 jquery-migrate.js Show response
securityaffairs.co/wordpress/wp-includes/js/jquery/ 25 KB
25 KB 135ms
20ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 09 Dec 2020 23:31:00 GMT
server: Apache
accept-ranges: bytes
etag: "62d4-5b61073af5aea"
content-length: 25300
content-type: application/javascript

GET
H2 200 cookie-law-info-public.js Show response
securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/ 33 KB
33 KB 103ms
23ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=1.9.5
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: a902ffc1c259dc54cb51d32618f4238568e5bcac3d32afc33e6729277f67dffb

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 16 Dec 2020 23:05:49 GMT
server: Apache
accept-ranges: bytes
etag: "8319-5b69cea81443a"
content-length: 33561
content-type: application/javascript

GET
H2 200 medianetAdInjector.js Show response
securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/ 741 B
895 B 113ms
29ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/media-net-ads-manager/js/medianetAdInjector.js?ver=2.10.11
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: c8817bacfc84fd39e4daec4096011ed3d117c7fe8b3c55fdd22af47c299099bc

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 10 Feb 2021 22:39:25 GMT
server: Apache
accept-ranges: bytes
etag: "2e5-5bb03133e9b7e"
content-length: 741
content-type: application/javascript

GET
H2 200 st_insights.js Show response
ws.sharethis.com/button/ 26 KB
8 KB 67ms
13ms Script
application/javascript 2600:9000:21a1:aa00:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21a1:aa00:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: f8284365ba340253ee9c71cfb5efcc37f10a23e8b8b5dd134ec7bbab05073845

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 14 Feb 2021 19:07:07 GMT
content-encoding: gzip
server: nginx/1.16.1
age: 239536
etag: W/"60256fd5-676f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c0093508e95ee3f9ebe60485284279c0.cloudfront.net (CloudFront)
cache-control: max-age=259200
x-amz-cf-pop: MUC51-C1
x-robots-tag: noindex, nofollow
content-length: 7567
x-amz-cf-id: f9atAT8oH_8RYTzuvumPyb-44pZtUUEz89pAeY3eSQJeLSHF2WSKMg==
expires: Wed, 17 Feb 2021 19:07:05 GMT

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 100 KB
32 KB 37ms
10ms Script
text/javascript 2600:9000:2127:6000:1c:8a07:5e80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://platform-api.sharethis.com/js/sharethis.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:6000:1c:8a07:5e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 414d8b428bdb05db9e520b23c7855cb14d5eee21007b4492d7f151f46ffd0f3a

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:34:32 GMT
content-encoding: gzip
age: 288
etag: W/"1911a-/9PKm40I201/anLlzkWA79nhAcc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
via: 1.1 0803e66d64c794aaadfd4a88601bc68e.cloudfront.net (CloudFront)
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: UWmSEPEI3QYN4aMTAyE5b62F3PTwE3E4W3VANX5afRJs8_enXbtTwA==

GET
H2 200 shield-antibot.js Show response
securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/js/ 3 KB
3 KB 113ms
30ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/js/shield-antibot.js?ver=10.2.2&mtime=1613260285
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: af7abdbcee9fe7d9eed8ff21d4a2ef12c31d2c374b77c8c67b1bf7c8b752f925

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Sat, 13 Feb 2021 23:51:25 GMT
server: Apache
accept-ranges: bytes
etag: "bc9-5bb406e405119"
content-length: 3017
content-type: application/javascript

GET
H2 200 chartist.min.js Show response
securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/js/ 39 KB
40 KB 136ms
22ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/js/chartist.min.js?ver=10.2.2&mtime=1613260285
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1fdfbccaadd8f18b6be346d768190187d43f1fc750fdef63797bdde6adc473e8

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Sat, 13 Feb 2021 23:51:25 GMT
server: Apache
accept-ranges: bytes
etag: "9daa-5bb406e405119"
content-length: 40362
content-type: application/javascript

GET
H2 200 chartist-plugin-legend.js Show response
securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/js/ 10 KB
10 KB 115ms
26ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/js/chartist-plugin-legend.js?ver=10.2.2&mtime=1613260285
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 06d10799cfc34653767c7159074fa0a1983e4c0c8eed139653b3f7ee8fbb6a20

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Sat, 13 Feb 2021 23:51:25 GMT
server: Apache
accept-ranges: bytes
etag: "265e-5bb406e405119"
content-length: 9822
content-type: application/javascript

GET
H2 200 charts.js Show response
securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/js/ 3 KB
3 KB 118ms
28ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/js/charts.js?ver=10.2.2&mtime=1613260285
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 380068ce92694b1f6fa7f860a0d26d5cd5d3e265dc6dfd088ce1ae1403ef0cdf

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Sat, 13 Feb 2021 23:51:25 GMT
server: Apache
accept-ranges: bytes
etag: "bfa-5bb406e405119"
content-length: 3066
content-type: application/javascript

GET
H2 200 shuffle.js Show response
securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/js/ 69 KB
69 KB 123ms
19ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/js/shuffle.js?ver=10.2.2&mtime=1613260285
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 8b258fe1df53ab82f5569b5aa60b37cc0fa6cc6a09cb87c39a6c6d5ed8a1072a

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Sat, 13 Feb 2021 23:51:25 GMT
server: Apache
accept-ranges: bytes
etag: "112fe-5bb406e4060b9"
content-length: 70398
content-type: application/javascript

GET
H2 200 shield-card-shuffle.js Show response
securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/js/ 6 KB
6 KB 123ms
19ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/wp-simple-firewall/resources/js/shield-card-shuffle.js?ver=10.2.2&mtime=1613260285
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 5e8e0782182aa8256f40b134bb89122173d98fcd428bd1338b74430ad6567c01

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Sat, 13 Feb 2021 23:51:25 GMT
server: Apache
accept-ranges: bytes
etag: "16b8-5bb406e405119"
content-length: 5816
content-type: application/javascript

GET
H2 200 dmedianet.js Show response
contextual.media.net/ 149 KB
51 KB 116ms
56ms Script
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

f60f957d712e2f772500f438e71551d51b59512d267aabd2278231fcc7cdf981

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-mnt-h: 10-4
content-encoding: gzip
server: Apache
etag: "f6b688a9b33855d673514f2d4228fea9"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
date: Wed, 17 Feb 2021 13:39:21 GMT
strict-transport-security: max-age=604800
x-mnt-w: 8-16
expires: Wed, 17 Feb 2021 13:44:21 GMT

GET
H2 200 logo_SecurityAffairs.png
securityaffairs.co/wordpress/wp-content/uploads/2015/12/ 44 KB
44 KB 20ms
20ms Image
image/png 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2015/12/logo_SecurityAffairs.png
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 16 Dec 2015 17:30:42 GMT
server: Apache
accept-ranges: bytes
etag: "b0e9-5270743f5f480"
content-length: 45289
content-type: image/png

GET
H/1.1 200
OK headerbid.js Show response
served-by.pixfuture.com/www/delivery/ 3 KB
4 KB 361ms
119ms Script
application/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 177d76801bdbecdb0d27109e118ae54a929156deac8ca44b46924a5c0f43cd7a

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 13:39:22 GMT
Last-Modified: Wed, 13 Jan 2021 17:57:03 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "5fff346f-d42"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800, public, no-transform
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 3394
Expires: Fri, 19 Feb 2021 13:39:22 GMT

GET
H2 200 facebook.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 830 B
1 KB 120ms
39ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 5
date: Wed, 17 Feb 2021 13:39:22 GMT
x-content-type-options: nosniff
last-modified: Wed, 10 Jun 2020 20:34:29 GMT
server: nginx
etag: "509a053c355d6394"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png>; rel="canonical"
content-length: 830
expires: Sat, 11 Jun 2022 08:34:29 GMT

GET
H2 200 twitter.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
1 KB 90ms
27ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Wed, 17 Feb 2021 13:39:22 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "fbafb4fa36d9fc66"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/twitter.png>; rel="canonical"
content-length: 1082
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 linkedin.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
1 KB 61ms
28ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Wed, 17 Feb 2021 13:39:22 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "8daaaf021369fdba"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/linkedin.png>; rel="canonical"
content-length: 1184
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 23ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5b4c904143c11b38f2342e2bfa7ca81e58b3d5034b5928d664da0aa86ff692c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: sB3XJKfRD3NNbfApYRrmMA==
cross-origin-resource-policy: cross-origin
expires: Wed, 17 Feb 2021 13:45:03 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1780
x-fb-rlafr: 0
x-fb-debug: jPSuqMEJVxiO9hO+eIUY9erOY1TFz+ToDxShy5D251AHH5ab6y+4XiwYvSHfgfBQf4UblAY3EM0GOrHUOU8Udw==
x-fb-trip-id: 686109401
x-fb-content-md5: 5d4a5334d8d538d0197298c0eeba360b
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 17 Feb 2021 13:39:22 GMT
x-frame-options: DENY
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "4b60fbeeecd78aba257104873103b2a4"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 reddit.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 2 KB
2 KB 60ms
28ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/reddit.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

56159a7fa211c042c8da7005984653715f938917383f74292247f7b271469fb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Wed, 17 Feb 2021 13:39:22 GMT
x-content-type-options: nosniff
last-modified: Wed, 10 Jun 2020 20:18:21 GMT
server: nginx
etag: "6a02164672eeeebc"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/reddit.png>; rel="canonical"
content-length: 1566
expires: Sat, 11 Jun 2022 08:18:21 GMT

GET
H2 200 pinterest.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/ 1 KB
2 KB 91ms
27ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/pinterest.png?ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

936c3e0cfba7a07ab55be383aeca9d39dcde7b4e9cddbfd973f78e34d3cc7078

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Wed, 17 Feb 2021 13:39:22 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "68e3fd8215972705"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/pinterest.png>; rel="canonical"
content-length: 1498
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 US-Government-cybersecurity.jpg
securityaffairs.co/wordpress/wp-content/uploads/2014/02/ 39 KB
40 KB 27ms
23ms Image
image/jpeg 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2014/02/US-Government-cybersecurity.jpg
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 9c4ac725c395d8cef3ca43823fdbb4221641e26ec4ccb27020c809760c83653a

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:22 GMT
last-modified: Wed, 16 Dec 2015 09:09:28 GMT
server: Apache
accept-ranges: bytes
etag: "9d71-5270043692200"
content-length: 40305
content-type: image/jpeg

GET
H2 200 Javali-trojan.png
securityaffairs.co/wordpress/wp-content/uploads/2021/02/ 83 KB
84 KB 29ms
26ms Image
image/png 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securityaffairs.co/wordpress/wp-content/uploads/2021/02/Javali-trojan.png
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 6489510e508efffa5e44c674a67c9cb1b58115b666e522062ebcaeae646f8430

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:22 GMT
last-modified: Tue, 16 Feb 2021 23:59:35 GMT
server: Apache
accept-ranges: bytes
etag: "14d0a-5bb7ce4fc4294"
content-length: 85258
content-type: image/png

GET
H2 200 Bluetooth-Overlay-Skimmer-3.png
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/02/ 14 KB
14 KB 77ms
46ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/02/Bluetooth-Overlay-Skimmer-3.png?resize=300%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

a92c9b4a2f4c0c6a6e69ee4b648c2aa1cf71bd92cb5d03811e2fb5048e96acde

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Wed, 17 Feb 2021 13:39:22 GMT
x-content-type-options: nosniff
last-modified: Tue, 16 Feb 2021 10:05:50 GMT
server: nginx
etag: "12f49ee78770f569"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2021/02/Bluetooth-Overlay-Skimmer-3.png>; rel="canonical"
content-length: 14146
expires: Thu, 16 Feb 2023 22:05:50 GMT

GET
H2 200 ssba.css
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ 122 KB
122 KB 26ms
26ms Stylesheet
text/css 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=688ce3e49e5ecefa1cd650833f2ac646
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: f4d4eda42f85c6ccbbb5de2aff596085b3b1d380c8585464f2e53df2cad66f8e

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Fri, 25 Dec 2020 23:58:53 GMT
server: Apache
accept-ranges: bytes
etag: "1e76e-5b752b4e76df8"
content-length: 124782
content-type: text/css

GET
H2 200 photon.js Show response
securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/ 2 KB
2 KB 39ms
38ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20191001
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 10 Feb 2021 22:39:21 GMT
server: Apache
accept-ranges: bytes
etag: "6e0-5bb031302da84"
content-length: 1760
content-type: application/javascript

GET
H2 200 jquery.adrotate.clicktracker.js Show response
securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/ 365 B
519 B 24ms
24ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/adrotate/library/jquery.adrotate.clicktracker.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 10 Feb 2021 22:39:09 GMT
server: Apache
accept-ranges: bytes
etag: "16d-5bb0312473af2"
content-length: 365
content-type: application/javascript

GET
H2 200 ssba.js Show response
securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ 2 KB
2 KB 22ms
21ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=688ce3e49e5ecefa1cd650833f2ac646
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Fri, 25 Dec 2020 23:58:53 GMT
server: Apache
accept-ranges: bytes
etag: "792-5b752b4e7bc18"
content-length: 1938
content-type: application/javascript

GET
H2 200 hint.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 987 B
1 KB 23ms
22ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/hint.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "3db-526fe6e433440"
content-length: 987
content-type: application/javascript

GET
H2 200 jquery.tipsy.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 4 KB
4 KB 19ms
19ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.tipsy.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "1113-526fe6e433440"
content-length: 4371
content-type: application/javascript

GET
H2 200 jquery.easing.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 8 KB
8 KB 18ms
18ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.easing.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "1fa1-526fe6e433440"
content-length: 8097
content-type: application/javascript

GET
H2 200 browser.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 3 KB
3 KB 22ms
22ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/browser.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: Apache
accept-ranges: bytes
etag: "a36-526fe6e33f200"
content-length: 2614
content-type: application/javascript

GET
H2 200 jquery.flexslider-min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/ 21 KB
21 KB 26ms
26ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/flexslider/jquery.flexslider-min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 16 Dec 2015 13:55:10 GMT
server: Apache
accept-ranges: bytes
etag: "53ae-5270441274b80"
content-length: 21422
content-type: application/javascript

GET
H2 200 waypoints.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 8 KB
8 KB 19ms
19ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/waypoints.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 16 Dec 2015 06:58:18 GMT
server: Apache
accept-ranges: bytes
etag: "1f6c-526fe6e527680"
content-length: 8044
content-type: application/javascript

GET
H2 200 mediaelement-and-player.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/ 69 KB
70 KB 24ms
23ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/mediaelement/mediaelement-and-player.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 16 Dec 2015 13:55:14 GMT
server: Apache
accept-ranges: bytes
etag: "11571-5270441645480"
content-length: 71025
content-type: application/javascript

GET
H2 200 jquery.swipebox.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 11 KB
11 KB 20ms
20ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.swipebox.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "2a67-526fe6e433440"
content-length: 10855
content-type: application/javascript

GET
H2 200 jquery.circliful.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 3 KB
3 KB 17ms
17ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.circliful.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "c18-526fe6e433440"
content-length: 3096
content-type: application/javascript

GET
H2 200 jquery.smarticker.min.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 13 KB
13 KB 21ms
21ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/jquery.smarticker.min.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 16 Dec 2015 06:58:17 GMT
server: Apache
accept-ranges: bytes
etag: "3225-526fe6e433440"
content-length: 12837
content-type: application/javascript

GET
H2 200 custom.js Show response
securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/ 12 KB
13 KB 19ms
18ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/js/custom.js?ver=1.4.1
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Wed, 16 Dec 2015 06:58:16 GMT
server: Apache
accept-ranges: bytes
etag: "31d4-526fe6e33f200"
content-length: 12756
content-type: application/javascript

GET
H2 200 wp-embed.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 3 KB
3 KB 17ms
17ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/wp-embed.js?ver=688ce3e49e5ecefa1cd650833f2ac646
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:21 GMT
last-modified: Thu, 21 Feb 2019 22:56:38 GMT
server: Apache
accept-ranges: bytes
etag: "c8e-5826f6315ef61"
content-length: 3214
content-type: application/javascript

GET
H2 200 e-202107.js Show response
stats.wp.com/ 9 KB
3 KB 84ms
26ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202107.js
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn
date: Wed, 17 Feb 2021 13:39:22 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Sun, 06 Feb 2022 21:03:52 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 29ms
6ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-59069958-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 3126
date: Wed, 17 Feb 2021 12:47:16 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Wed, 17 Feb 2021 14:47:16 GMT

GET
H2 200 twemoji.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 27 KB
28 KB 24ms
22ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/twemoji.js?ver=688ce3e49e5ecefa1cd650833f2ac646
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: e98cd00e7be004c4360ad0c38471911312d74a117babcc29f239935afc80c8cb

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:22 GMT
last-modified: Wed, 09 Dec 2020 23:31:00 GMT
server: Apache
accept-ranges: bytes
etag: "6d6a-5b61073b100ca"
content-length: 28010
content-type: application/javascript

GET
H2 200 wp-emoji.js Show response
securityaffairs.co/wordpress/wp-includes/js/ 9 KB
9 KB 25ms
23ms Script
application/javascript 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-includes/js/wp-emoji.js?ver=688ce3e49e5ecefa1cd650833f2ac646
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:22 GMT
last-modified: Tue, 31 Mar 2020 22:49:14 GMT
server: Apache
accept-ranges: bytes
etag: "231d-5a22e608152f1"
content-length: 8989
content-type: application/javascript

GET css
fonts.googleapis.com/ 0
0

GET
H2 200 5b71b64b04b9a500117b1015.js Show response
buttons-config.sharethis.com/js/ 30 B
378 B 465ms
425ms Script
text/javascript 2600:9000:2127:ac00:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons-config.sharethis.com/js/5b71b64b04b9a500117b1015.js
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:ac00:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:23 GMT
via: 1.1 168125097acf734cd7750e139a974b38.cloudfront.net (CloudFront)
last-modified: Mon, 13 Aug 2018 16:48:12 GMT
server: AmazonS3
x-amz-cf-pop: PRG50-C1
etag: "e6e1643313740711175f51662a65b42f"
x-cache: RefreshHit from cloudfront
content-type: text/javascript
cache-control: max-age=60,public
accept-ranges: bytes
content-length: 30
x-amz-cf-id: 1HJn5nC0M45YHKVI6T9uKaPW01pC9OwrlaqnWPN0ooTterD-BMkykA==

GET
H2 200 analytics.js Show response
google-analytics.com/ 46 KB
19 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://google-analytics.com/analytics.js

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 5275
date: Wed, 17 Feb 2021 12:11:27 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Wed, 17 Feb 2021 14:11:27 GMT

GET
H2 200 fontawesome-webfont.woff
securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/ 43 KB
44 KB 24ms
24ms Font
application/font-woff 2001:8d8:100f:f000::289
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to

Full URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:8d8:100f:f000::289 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/wp-content/themes/rigel_old/css/font-awesome.min.css?ver=1.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:22 GMT
last-modified: Wed, 16 Dec 2015 06:58:09 GMT
server: Apache
accept-ranges: bytes
etag: "ad90-526fe6dc92240"
content-length: 44432
content-type: application/font-woff

GET
H/1.1 200
OK videoAds.js Show response
adservetx.media.net/ 6 KB
3 KB 132ms
44ms Script
text/javascript 23.62.140.165
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://adservetx.media.net/videoAds.js?cid=8CU5BD6EW&crid=126440378&dn=securityaffairs.co&https=1
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.62.140.165 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-62-140-165.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 00f0d946986d4a5476e4956c1782a490c49bc74818bd2c9bd4feeaaa103ae67f

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 13:39:22 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=300
Connection: keep-alive
Content-Length: 2721
Expires: Wed, 17 Feb 2021 13:44:22 GMT

GET
H2 200 portal-v2.html Show response
c.sharethis.mgr.consensu.org/ Frame B894 2 KB
1 KB 33ms
9ms Document
text/html 2600:9000:2127:7200:c:a9b7:ddc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.sharethis.mgr.consensu.org/portal-v2.html
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:7200:c:a9b7:ddc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ac84513c4c5ea7e4458e91c46e33ba71b56e19fabf93cc079ffcb01a975c2e3d

Request headers

:method: GET
:authority: c.sharethis.mgr.consensu.org
:scheme: https
:path: /portal-v2.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Response headers

content-type: text/html; charset=utf-8
content-encoding: gzip
date: Wed, 17 Feb 2021 12:43:54 GMT
cache-control: max-age=3600, public
etag: W/"83a-K1Ex0xzH2LCxSyRnDnyZEg18N68"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 97101640da3dcba7a2d4a3d67a31b115.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: BcjV7yDZVUss9vJfRJ5k_hByMmyb2BUVohHClvxWNA1uiITsOuA2tw==
age: 3328

GET
H/1.1 200
OK headerbid_refresh_alex.php Show response
served-by.pixfuture.com/www/delivery/ Frame B1A3 8 KB
9 KB 150ms
150ms Script
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24274x728x90x4142x_ADSLOT1&keywords=popular,shareit,app,is,affected,severe,flaws,yet,be,fixedsecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24274x728x90x4142x_ADSLOT1&flag=true
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: b337552ecf4ac2075d5a5cb520e9a95cbcf4e836420c642f6b698f61f4550a64

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:22 GMT
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800, public, no-transform
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Fri, 19 Feb 2021 13:39:22 GMT

GET headerbid_refresh_alex.php
served-by.pixfuture.com/www/delivery/ Frame 44A2 0
0

GET
H/1.1 200
OK browserfp.min.js Show response
pxlclnmdecom-a.akamaihd.net/javascripts/ 107 KB
33 KB 129ms
54ms Script
text/javascript 23.32.238.163
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU5BD6EW
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 23.32.238.163 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-32-238-163.deploy.static.akamaitechnologies.com
Software: / Express
Resource Hash: af96a3a456e21f978d7564e240c2568ce325d8925777a8e808c08a738ce294ff

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 13:39:22 GMT
Content-Encoding: gzip
X-Powered-By: Express
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1800
Cache-Control: max-age=1800
Connection: keep-alive
Content-Length: 33826
Expires: Wed, 17 Feb 2021 14:09:22 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 78 KB
24 KB 663ms
662ms Script
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=0&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=816788371&size=300x250&cc=CH&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&nse=6&vi=1613569161767704494&lw=1&ugd=4&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ba50b163e9b418b2143616d075368e1b0b6a11e326d3805eb1e006de8270e050

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
x-mnt-hl2: 8-31
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300
date: Wed, 17 Feb 2021 13:39:22 GMT
x-mnt-w: 21-1g7g, 21-1g7g
content-length: 24442
expires: Wed, 17 Feb 2021 13:44:22 GMT

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 51ms
50ms Image
image/gif 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=0&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=816788371&vi=1613569161767704494&ugd=4&lf=6&cc=CH&sc=ZH&lper=100&wsip=2886781008&r=1613569162214&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001613569162208031140535636049&gdpr=0&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Wed, 17 Feb 2021 13:39:22 GMT
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Wed, 17 Feb 2021 13:39:22 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 78 KB
24 KB 649ms
648ms Script
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=0&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=816788371&size=300x250&cc=CH&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&nse=6&vi=1613569161314428016&lw=1&ugd=4&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

027fb1d4e70b626e415937f38931e2e9f53a029f814dae4684d9682d668b441a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
x-mnt-hl2: 8-31
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300
date: Wed, 17 Feb 2021 13:39:22 GMT
x-mnt-w: 21-1g7g, 21-1g7g
content-length: 24439
expires: Wed, 17 Feb 2021 13:44:22 GMT

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 52ms
51ms Image
image/gif 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=0&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=816788371&vi=1613569161314428016&ugd=4&lf=6&cc=CH&sc=ZH&lper=100&wsip=2886781008&r=1613569162220&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001613569162208031140535636049&gdpr=0&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Wed, 17 Feb 2021 13:39:22 GMT
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Wed, 17 Feb 2021 13:39:22 GMT

GET
H2 200 SHAREit.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/02/ 15 KB
15 KB 36ms
35ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2021/02/SHAREit.png?w=486&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

e716e22d4b8e9cfc81725c3d40e4a1788515f64a294a18d3181098e36fcbf1e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Wed, 17 Feb 2021 13:39:22 GMT
x-content-type-options: nosniff
last-modified: Tue, 16 Feb 2021 10:01:31 GMT
server: nginx
etag: "43d681b435be7d50"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2021/02/SHAREit.png>; rel="canonical"
content-length: 15590
expires: Thu, 16 Feb 2023 22:01:31 GMT

GET
H2 200 f00db26378ef7df7c440a8ee60ead62b
secure.gravatar.com/avatar/ 1 KB
1 KB 21ms
5ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Wed, 17 Feb 2021 13:39:22 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="f00db26378ef7df7c440a8ee60ead62b.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/f00db26378ef7df7c440a8ee60ead62b?s=60&d=mm&r=g>; rel="canonical"
content-length: 1186
expires: Wed, 17 Feb 2021 13:44:22 GMT

GET
H/1.1 200
OK headerbid_refresh_alex.php Show response
served-by.pixfuture.com/www/delivery/ Frame CA85 8 KB
8 KB 216ms
152ms Script
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=popular,shareit,app,is,affected,severe,flaws,yet,be,fixedsecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 119874c68793507e6999f9aaa02bfb6628a452ba248a46c719ab850ae9be5e21

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:22 GMT
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800, public, no-transform
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Fri, 19 Feb 2021 13:39:22 GMT

GET
H/1.1 200
OK headerbid_refresh_alex.php Show response
served-by.pixfuture.com/www/delivery/ Frame 93E9 8 KB
9 KB 299ms
152ms Script
text/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24270x300x250x4142x_ADSLOT1&keywords=popular,shareit,app,is,affected,severe,flaws,yet,be,fixedsecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24270x300x250x4142x_ADSLOT1&flag=true
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 7afc7b54bbbad16fe2391ef2796e50a0b84e38a57ca9528092cefa94126ef4a5

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:22 GMT
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800, public, no-transform
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Fri, 19 Feb 2021 13:39:22 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 78 KB
24 KB 693ms
693ms Script
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=0&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=184323154&size=300x250&cc=CH&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&nse=6&vi=1613569161750383501&lw=1&ugd=4&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

36f08afb776520c0a7e9807c783489dda647b65ab0a903db0c0197038c252a3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
x-mnt-hl2: 8-31
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300
date: Wed, 17 Feb 2021 13:39:22 GMT
x-mnt-w: 21-6srw, 21-h13h
content-length: 24452
expires: Wed, 17 Feb 2021 13:44:22 GMT

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 41ms
41ms Image
image/gif 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=0&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&vi=1613569161750383501&ugd=4&lf=6&cc=CH&sc=ZH&wsip=2886781008&r=1613569162292&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001613569162288031140535631150&gdpr=0&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Wed, 17 Feb 2021 13:39:22 GMT
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Wed, 17 Feb 2021 13:39:22 GMT

GET
H2 200 fcmain.js Show response
contextual.media.net/1017354394/ 78 KB
24 KB 633ms
632ms Script
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/1017354394/fcmain.js?&gdpr=0&cid=8CU5BD6EW&cpcd=RlAcVccC-RdUYIl-LjF9ag%3D%3D&crid=647633027&size=300x250&cc=CH&https=1&vif=1&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&nse=6&vi=1613569161453481585&lw=1&ugd=4&nb=1&cb=window._mNDetails.initAd

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

4c24e3d3e560c70d555d73f0fe4cca123744857b6503f61f25ac4473accf3936

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
x-mnt-hl2: 8-31
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300
date: Wed, 17 Feb 2021 13:39:22 GMT
x-mnt-w: 21-h13h, 21-6srw
content-length: 24422
expires: Wed, 17 Feb 2021 13:44:22 GMT

GET
H2 200 bping.php
lg3.media.net/ 35 B
189 B 38ms
38ms Image
image/gif 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?&gdpr=0&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&vi=1613569161453481585&ugd=4&lf=6&cc=CH&sc=ZH&lper=100&wsip=2886781008&r=1613569162297&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&vgd_l2type=setting&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_uspa=0&hvsid=00001613569162295031140535633203&gdpr=0&vgd_end=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Wed, 17 Feb 2021 13:39:22 GMT
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Wed, 17 Feb 2021 13:39:22 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 198 KB
60 KB 18ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=434141e6be23d41ce5b145e37bc66356&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2edd1f9e91e1dcdc50978db5d54354adcffddd7da0277c650ccf4ad34275ea7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: JHG3LrKlTp0o00e756aHtQ==
cross-origin-resource-policy: cross-origin
expires: Thu, 17 Feb 2022 11:54:31 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 60953
x-fb-rlafr: 0
x-fb-debug: TIOIegzysvZHM6/lip9QR6zjE+Xxw2pUa6Mi1eDO3MxQqriyGsAhiALyT3jHQ5igIpANLP9eDsaSNBAEXbq+kQ==
x-fb-trip-id: 686109401
x-fb-content-md5: 254d8b4c2b0a10221bf610d0a94e53e2
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 17 Feb 2021 13:39:22 GMT
x-frame-options: DENY
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "0d9e607fd9c242ee8e95834f386fb6ee"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 1 B
388 B 46ms
13ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j88&a=348790024&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&ul=en-us&de=UTF-8&dt=Popular%20SHAREit%20app%20is%20affected%20by%20severe%20flaws%20yet%20to%20be%20fixedSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=1301771279&gjid=838205905&cid=1205365912.1613569162&tid=UA-59069958-1&_gid=1355047799.1613569162&_r=1&did=dNDMyYj&gtm=2ou230&z=1285995103

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
27 B 42ms
13ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j88&a=348790024&t=pageview&_s=1&dl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&ul=en-us&de=UTF-8&dt=Popular%20SHAREit%20app%20is%20affected%20by%20severe%20flaws%20yet%20to%20be%20fixedSecurity%20Affairs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEDAAUABAAAAAC~&jid=1925824843&gjid=1214812402&cid=1205365912.1613569162&tid=UA-59069958-1&_gid=1355047799.1613569162&_r=1&_slc=1&z=1222923957

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Digging-The-Deep-Web.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/ 6 KB
6 KB 42ms
41ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png?resize=236%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:22 GMT
x-content-type-options: nosniff
x-bytes-saved: 46713
content-length: 6414
x-nc: HIT ams 6
last-modified: Wed, 10 Jun 2020 20:34:29 GMT
server: nginx
etag: "012d3c7ccbeb8560"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2018/03/Digging-The-Deep-Web.png>; rel="canonical"
expires: Sat, 11 Jun 2022 08:34:29 GMT

GET
H2 200 securityaffairs-best-european-blog2.png
i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/ 10 KB
10 KB 32ms
31ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png?resize=300%2C217&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:22 GMT
x-content-type-options: nosniff
x-bytes-saved: 103276
content-length: 10314
x-nc: HIT hhn 2
last-modified: Tue, 02 Jun 2020 21:29:55 GMT
server: nginx
etag: "c8c3d7b06b174426"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/06/securityaffairs-best-european-blog2.png>; rel="canonical"
expires: Fri, 03 Jun 2022 09:29:55 GMT

GET
H2 200 logo-center-for-cybersecurity.jpg
i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/ 7 KB
7 KB 29ms
28ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg?resize=290%2C300&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Wed, 17 Feb 2021 13:39:22 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 08:12:40 GMT
server: nginx
etag: "312ff21e46f29f3d"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2020/10/logo-center-for-cybersecurity.jpg>; rel="canonical"
content-length: 7482
expires: Sat, 05 Nov 2022 20:12:40 GMT

GET
H2 200 newsletter.png
i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/ 6 KB
6 KB 44ms
44ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png?resize=300%2C207&ssl=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 8
date: Wed, 17 Feb 2021 13:39:22 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Dec 2020 07:42:49 GMT
server: nginx
etag: "87af94f3ac2df9da"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://securityaffairs.co/wordpress/wp-content/uploads/2015/03/newsletter.png>; rel="canonical"
content-length: 6336
expires: Thu, 15 Dec 2022 19:42:49 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
92 B 26ms
25ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A9.4&blog=29506073&post=114636&tz=0&srv=securityaffairs.co&host=securityaffairs.co&ref=&fcp=2624&rand=0.7874678951486789
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:22 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H/1.1 200
OK log
qsearch-a.akamaihd.net/ 35 B
329 B 121ms
32ms Image
image/gif 2.16.186.67
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qsearch-a.akamaihd.net/log?logid=kfk&evtid=videoerror&cid=8CU5BD6EW&crid=null&dn=securityaffairs.co&REASON=33&ACTION=0&visitorId=2563402817409839000V10&dc=0&adtagId=126440378&bidder_id=99999&biddertagid=99999&bsr=Chrome_83&dt=desktop&os=MAC&id=00001613569162431007361740989767&purl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.67 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-67.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.35.v20201120) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:22 GMT
Server: Jetty(9.4.35.v20201120)
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Wed, 17 Feb 2021 13:39:22 GMT

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
340 B 107ms
26ms XHR
text/plain 18.195.238.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1613569162112.91883&hostname=securityaffairs.co&location=%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&bsamesite=true&consent_cookie_duration=319&consent_duration=320&gdpr_domain=.consensu.org&gdpr_method=cookie&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&title=Popular%20SHAREit%20app%20is%20affected%20by%20severe%20flaws%20yet%20to%20be%20fixedSecurity%20Affairs&sop=false&description=Multiple%20vulnerabilities%20in%20the%20popular%20file-sharing%20app%20SHAREit%20have%20yet%2C%20to%20be%20addressed%2C%20experts%20from%20Trend%20Micro%20warned.%20SHAREit%20is%20a%20popular%20file-sharing%20Android%20app%20with%20more%20than%20one%20billion%20downloads%2C%20experts%20from%20Trend%20Micro%20discovered%20multiple%20unpatched%20vulnerabilities%20in%20its%20code.%20The%20vulnerabilities%20impact%20the%20Android%20version%20of%C2%A0SHAREit%2C%20a%20mobile%20app%20that%20allows%20users%20%5B%E2%80%A6%5D
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.238.30 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-238-30.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 13:39:22 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK bfp_ssn.js Show response
pxlclnmdecom-a.akamaihd.net/javascripts/ Frame 4680 12 KB
4 KB 30ms
30ms Document
text/html 23.32.238.163
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/bfp_ssn.js?templateId=3
Requested by: Host: pxlclnmdecom-a.akamaihd.net
URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU5BD6EW
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 23.32.238.163 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-32-238-163.deploy.static.akamaitechnologies.com
Software: / Express
Resource Hash: 508a8b73dfefe6e9998cca8a66aef5f7b9b5a8b24b35ae0e6e8a02f37d4a2c93

Request headers

Host: pxlclnmdecom-a.akamaihd.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Response headers

Content-Type: text/html; charset=utf-8
X-Powered-By: Express
Vary: Accept-Encoding
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Cache-Control: max-age=1800
Expires: Wed, 17 Feb 2021 14:09:22 GMT
Date: Wed, 17 Feb 2021 13:39:22 GMT
Content-Length: 3752
Connection: keep-alive

POST
H2 200 ptmdP
dt.clnmde.com/ 7 B
329 B 365ms
121ms Other
text/html 100.24.200.179
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://dt.clnmde.com/ptmdP
Requested by: Host: pxlclnmdecom-a.akamaihd.net
URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU5BD6EW
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 100.24.200.179 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-24-200-179.compute-1.amazonaws.com
Software: / Express
Resource Hash: aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 17 Feb 2021 13:39:22 GMT
vary: Accept-Encoding
x-powered-by: Express
etag: W/"7-Jgyp3YpFd/wAt71YECmAdg"
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
content-length: 7

GET
H2 200 cenw.js Show response
dt.clnmde.com/ 36 B
361 B 368ms
122ms XHR
text/html 100.24.200.179
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://dt.clnmde.com/cenw.js?identifier=bafp
Requested by: Host: pxlclnmdecom-a.akamaihd.net
URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU5BD6EW
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 100.24.200.179 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-24-200-179.compute-1.amazonaws.com
Software: / Express
Resource Hash: 0e1ba71e147401d2e86a6cca731ec60361c200ed05c4f03901713479f33b219e

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:22 GMT
vary: Accept-Encoding
x-powered-by: Express
etag: W/"24-xTI7Z0hwPkhqyfvi8eWLKA"
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
content-length: 36

GET
H2 200 ptmdDual
dt6.clnmde.com/ 70 B
331 B 290ms
87ms Image
image/gif 2600:1f18:42df:3a00:e8b1:a0ff:a34c:ada
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt6.clnmde.com/ptmdDual?t=%7B%22gh%22%3A%2216135691624413246214969%22%2C%22za%22%3A1%2C%22gcd%22%3A1613569162455%2C%22al%22%3A3%2C%22bcnd%22%3A1%7D
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:42df:3a00:e8b1:a0ff:a34c:ada Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: / Express
Resource Hash: c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 17 Feb 2021 13:39:22 GMT
x-powered-by: Express
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: image/gif

GET
H2 200 ptmd
dt.clnmde.com/ 70 B
330 B 355ms
122ms Image
image/gif 100.24.200.179
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.clnmde.com/ptmd?t=16135691624413246214969_N4IgxmAWDWIFwG0QEYAcAWAzAJk8grOiADQgBs6A7GZpgAzaUkirJmWqqaXIgC6pAA4BLACYAXeEjrMZpGQJAAnAKYAzAKpKANpMQhmhxQGclYLbqkhI48YOMBSTAEEH2AGJv3xlWACuSsLiAJ4AhmpqocJKxgB0YAD2XgDuCUqigqrGjh7IyOg0ZF4AtgkARsLaKgC02F7GkKGqQdWhgoLVatqhybE2xdrMNnaOLl71vgFBYRFRMfFJHqnpmSrZXnkFmEUepRVVtfWNzeKt7Z3dvf2DpMP2Tq4eE-6BIeGR0XGJKWkZWTnuTaFErlSo1OoeBpNFQtNodLo9PriAb8UgAN2MAH0xHoEAA7PzabTEAlEkmE7SKSAY7ESKx0Bl0NjITD4MgATjY2GwnDoeHydHwrJoeXwchAjKZZBZbM5ZG57LF-PQguFtGwfNkjOZwrl3LoqD5m1VbO2dHQ7NR4D8xnEtNxLAAwhp8AAhAAiZAAogB1ZioZ1uz2+-2Bj3ev2KMBKNFWYAAHRQGBweEIibgCZAIUEKnTiejtMTxETaOEhfgiZ1suZlCVXDFyCLiepWLEeYl2uluq5PMNypNIoIdETAF8R8xMxRqLQGJR05ns7mK+AlOXiyBS+W4JWu9XpeghehWPhUPgm9YaW3l5Kqxye4qjQKhaacHzR+OTOJQuIbVJ0MRaAA-9WQAsgAMoADUAA9liGAzAgIA-BQPAyDoNggD4MwYCkO2FDMFQRQAC9QngZAhAAc3gDdmBUPFYzgEBBGYcjICo289XQdAWWwApsHydkOWYcRjDY9BsHZQ1KF4-AT2YDEqLIWI6FifDeFIUJBjgeCQDUMB4GqMiQBUcRhFI3c73lUhbUouA6Cs2AGPYrlMQE5B2XZKgCFQShMBo4QmMc09YgIRTkFrYLvJovwSLgQy-FM2zSBUNFNIQUA8VCYoVCoipRFEFRVzEZhRG-GLQFy-LCtEeBSWJDcyyKxzzLlMK61ZJkQDHYh0sy7KGIqgraWK0r4HKsRKqGuBavRBrqqamULPyQ9j1PTqRxMbRbTY5quSwfBmG0NRSJmyaUB26VqEoShzQtIhSH8W1ToDF1wxDUhyL02Lzp4jlSAARz6wy1AS7ARyAA
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 100.24.200.179 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-24-200-179.compute-1.amazonaws.com
Software: / Express
Resource Hash: c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 17 Feb 2021 13:39:22 GMT
x-powered-by: Express
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: image/gif

GET
H2 200 ptmd
dt.clnmde.com/ 70 B
330 B 351ms
122ms Image
image/gif 100.24.200.179
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.clnmde.com/ptmd?t=16135691624413246214969_N4IgxgTgbiBcDaJgB0QEYAcAWAzAJhzQFYtVYUQAXATwAcBTM1SAfQEsATVAGlSjfZc4qNADY0OIqICcYtAHYiABhwZJStD1QALKAGdBTEEpMbxkmWLx4MGFWjRYlRC4WJLUAX08huSVKJY8qI4OEp48mQUNAxGrJxaIPyGwujmUrLiWC5YGMQYRIm6BgmppmYSGVZ40spuTi5SoXgqXj5+FHmi8rY48ppw0XSMqfFCvEkCpbAi6ZbiwfLySlhY0qS+OvopM8amchaZ1kp29c6uoivSbSAAun5gYNoA1nCIXT1q-Xd+tJyUb2MPxAEHoADMAKoQAA2AIQIGBeggYChsMB2kolFoegApDgAII4vAAMSJxL09DAAFcIGwaABDMFg+lsCB6AB0YAA9mSAO5ciAcWigvS4kkOLAhURkgC2XIARmxofQALR4Ml6bT00F0lX02i0FVg6H03nsjEy6HA7b-N4AOyp0Oh9xAxUEcMQ5QOVVEx1OEvOTUua2B1L0lHdgIwAGEIUQAEIAEVEAFEAOqIyj0yhUvRvHDSbhYbihEvFyQl0Ql+QljAugBe9LgaF+AHM4ElfCB6HaYLAQLQu63tB3vfM8KsJBPfY5pDIu5Q8-3HDU7PJJXgiEQMF39B3ROylOzVGgu-SrbAcH4wWA4CqW93KGxm3Mjn5w+3YEp369l6+rCwc5oNI6z9Nu8g4F29BsIOy4FOyxAHgoRAIRg8hQVSTawA+VLPl+fj0FAF7wKAdr0jK9AdoqHAcPQECCF2HDZlhoDUbR9GcHADpOn4yScX+lTzMhKhqMop7eNwpHkZR-ZsXRDF+ExWaDCAckcRwXGOtCvFTBpAmHHI2Q4Lk+RECAElSRRVGcOxCkgEpLGqTZ8n8dx2mTAx+k+go3TLKs6zmZ4Lp6NC4ajv+vq4GZfjQmCzY6Z5aSCZkEiOFgNhmF2YYRvxIAxnGSaphmfitre2ERROwR+AAjjJD5gnhOCeEAA
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 100.24.200.179 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-24-200-179.compute-1.amazonaws.com
Software: / Express
Resource Hash: c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 17 Feb 2021 13:39:22 GMT
x-powered-by: Express
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: image/gif

GET
H2 200 djax_elastic.js Show response
cdn.pixfuture.com/ Frame 1D1D 37 KB
38 KB 168ms
124ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/djax_elastic.js
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24274x728x90x4142x_ADSLOT1&keywords=popular,shareit,app,is,affected,severe,flaws,yet,be,fixedsecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24274x728x90x4142x_ADSLOT1&flag=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 403a66e2c1229bea681682cf8e17bbcc1c3990e0d200161ed3c094c9100141f7

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:22 GMT
cf-cache-status: DYNAMIC
last-modified: Tue, 16 Feb 2021 15:16:56 GMT
server: cloudflare
etag: "602be1e8-955e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HpZAvfy53njXLUEwEPwI9BZUVm3orW8NojvJex6JLlJCb8PO2dDsuc1153YJ3CrEeXSC%2FtfTjI85RPnH0iRKrwKiT3YmoCQM8JF%2F%2Fxmc1uftep6cTNhKVGpyOTHKUA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 622fea01f8454bdd-AMS
content-length: 38238
cf-request-id: 0851d0953c00004bdd26acb000000001
expires: Fri, 19 Feb 2021 13:39:22 GMT

GET
H2 200 prebid4.19.0.js Show response
cdn.pixfuture.com/ Frame 1D1D 331 KB
331 KB 154ms
111ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24274x728x90x4142x_ADSLOT1&keywords=popular,shareit,app,is,affected,severe,flaws,yet,be,fixedsecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24274x728x90x4142x_ADSLOT1&flag=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46db7a0a77511a777f77205b377cde8df6937dbde8a6e63441d7829d8f6ccfee

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:22 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 10 Dec 2020 17:32:50 GMT
server: cloudflare
etag: "5fd25bc2-52b1b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=njOCg7pNXB9d%2B%2B99Sb0xIrZZ6b5fpbVnZ3nF1m%2BKiOZy9pbB2HlyiC4bSuVBnzAqa7dyheccdO4D%2Ba0Ta7N2ejk1qEk5PLmHqO8JYCmUHyUYmr6YNCysvLzSfAyj0A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 622fea01f8484bdd-AMS
content-length: 338715
cf-request-id: 0851d0953d00004bdd3a2c0000000001
expires: Fri, 19 Feb 2021 13:39:22 GMT

GET
H/1.1 204
No Content pview
l.sharethis.com/ 0
315 B 30ms
30ms Image
text/plain 18.195.238.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.sharethis.com/pview?event=pview&version=st_insights.js&lang=en&sessionID=1613569162112.91883&hostname=securityaffairs.co&location=%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&product=simpleshare&fcmp=false&fcmpv2=false&publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&bsamesite=true&consent_cookie_duration=319&consent_duration=320&gdpr_domain=.consensu.org&gdpr_method=cookie&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&title=Popular%20SHAREit%20app%20is%20affected%20by%20severe%20flaws%20yet%20to%20be%20fixedSecurity%20Affairs&sop=false&description=Multiple%20vulnerabilities%20in%20the%20popular%20file-sharing%20app%20SHAREit%20have%20yet%2C%20to%20be%20addressed%2C%20experts%20from%20Trend%20Micro%20warned.%20SHAREit%20is%20a%20popular%20file-sharing%20Android%20app%20with%20more%20than%20one%20billion%20downloads%2C%20experts%20from%20Trend%20Micro%20discovered%20multiple%20unpatched%20vulnerabilities%20in%20its%20code.%20The%20vulnerabilities%20impact%20the%20Android%20version%20of%C2%A0SHAREit%2C%20a%20mobile%20app%20that%20allows%20users%20%5B%E2%80%A6%5D&gdpr_domain=.consensu.org&gdpr_method=cookie&description=Multiple%20vulnerabilities%20in%20the%20popular%20file-sharing%20app%20SHAREit%20have%20yet%2C%20to%20be%20addressed%2C%20experts%20from%20Trend%20Micro%20warned.%20SHAREit%20is%20a%20popular%20file-sharing%20Android%20app%20with%20more%20than%20one%20billion%20downloads%2C%20experts%20from%20Trend%20Micro%20discovered%20multiple%20unpatched%20vulnerabilities%20in%20its%20code.%20The%20vulnerabilities%20impact%20the%20Android%20version%20of%C2%A0SHAREit%2C%20a%20mobile%20app%20that%20allows%20users%20%5B%E2%80%A6%5D&img_pview=true
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.238.30 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-238-30.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 13:39:22 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 djax_elastic.js Show response
cdn.pixfuture.com/ Frame 4A16 37 KB
38 KB 127ms
127ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/djax_elastic.js
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=popular,shareit,app,is,affected,severe,flaws,yet,be,fixedsecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 403a66e2c1229bea681682cf8e17bbcc1c3990e0d200161ed3c094c9100141f7

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:22 GMT
cf-cache-status: DYNAMIC
last-modified: Tue, 16 Feb 2021 15:16:56 GMT
server: cloudflare
etag: "602be1e8-955e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=enyO5XW4HV%2BxqV1bU4KVnwj5pz208zTJ%2FoUlIyMTZiV%2F81GBY4%2FRuInd6D3R34RdP0uSlVZkyBc9a65YmIdZPZikE%2B9ITuinvmwjn1KJCtiUpWtFMF7SxyLp63hhZg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 622fea0208794bdd-AMS
content-length: 38238
cf-request-id: 0851d0954400004bdd2b13f000000001
expires: Fri, 19 Feb 2021 13:39:22 GMT

GET
H2 200 prebid4.19.0.js Show response
cdn.pixfuture.com/ Frame 4A16 331 KB
332 KB 101ms
100ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=popular,shareit,app,is,affected,severe,flaws,yet,be,fixedsecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46db7a0a77511a777f77205b377cde8df6937dbde8a6e63441d7829d8f6ccfee

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:22 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 10 Dec 2020 17:32:50 GMT
server: cloudflare
etag: "5fd25bc2-52b1b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=19rG6jRKtdQ8ILMO7UvBPFNgPcJ1UIusngCtzCgFbyjmx%2BN0H5MwITfGyvQnFpTSmj5RcLv6U2oZ59XPnXbAsJHnd8gv6Mn9TqoeHuTYhAQFtJQcHO6ktv%2FoRBqR0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 622fea02087c4bdd-AMS
content-length: 338715
cf-request-id: 0851d0954400004bdd8500a000000001
expires: Fri, 19 Feb 2021 13:39:22 GMT

GET
H2 200 cenw.js Show response
dt.clnmde.com/ Frame 4680 36 B
359 B 270ms
123ms XHR
text/html 100.24.200.179
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://dt.clnmde.com/cenw.js
Requested by: Host: pxlclnmdecom-a.akamaihd.net
URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/bfp_ssn.js?templateId=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 100.24.200.179 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-24-200-179.compute-1.amazonaws.com
Software: / Express
Resource Hash: 081050a050b51472f12c3ed9f97830061b8a8d27575facfeb0f9de8a5b234764

Request headers

Referer: https://pxlclnmdecom-a.akamaihd.net/javascripts/bfp_ssn.js?templateId=3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:22 GMT
vary: Accept-Encoding
x-powered-by: Express
etag: W/"24-oTfhcxQqd/z4Owji4gPF1Q"
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
content-length: 36

GET
H2 200 jquery3_5_1.min.js Show response
cdn.pixfuture.com/ Frame 1D1D 87 KB
88 KB 116ms
114ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/jquery3_5_1.min.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:22 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 26 Aug 2020 15:41:27 GMT
server: cloudflare
etag: "5f4682a7-15d84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=G8JYHCxnCrS%2BAN2vsDMEER%2FTzBQZlt15bWNM8WSGwTX90fcdytTFTde38tSxwM7IwZkW2UmL8wu5Wt%2FNYVOD9XiTA%2Be8IJfUDISlWCq6AdId59CefR5P9%2Fp6sNzDWw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 622fea034bf94bdd-AMS
content-length: 89476
cf-request-id: 0851d0960f00004bdd84b3b000000001
expires: Fri, 19 Feb 2021 13:39:22 GMT

GET
H2 200 djax_elastic.js Show response
cdn.pixfuture.com/ Frame 59BB 37 KB
38 KB 129ms
128ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/djax_elastic.js
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24270x300x250x4142x_ADSLOT1&keywords=popular,shareit,app,is,affected,severe,flaws,yet,be,fixedsecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24270x300x250x4142x_ADSLOT1&flag=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 403a66e2c1229bea681682cf8e17bbcc1c3990e0d200161ed3c094c9100141f7

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:22 GMT
cf-cache-status: DYNAMIC
last-modified: Tue, 16 Feb 2021 15:16:56 GMT
server: cloudflare
etag: "602be1e8-955e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fnaMUbSNCuVG6q6Cgy6xspoEeZK%2BFuaEDED%2BAVJKYOxNw01y1bMIrsoFkjhs3y8J6sloqYI4lJNHwqvUcZpSA88oe0dS3A3dIaQWkRwdMkKDE%2FmgbWtGD3TK3hyHTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 622fea03cd414bdd-AMS
content-length: 38238
cf-request-id: 0851d0965900004bdd81011000000001
expires: Fri, 19 Feb 2021 13:39:22 GMT

GET
H2 200 prebid4.19.0.js Show response
cdn.pixfuture.com/ Frame 59BB 331 KB
331 KB 108ms
107ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24270x300x250x4142x_ADSLOT1&keywords=popular,shareit,app,is,affected,severe,flaws,yet,be,fixedsecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24270x300x250x4142x_ADSLOT1&flag=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46db7a0a77511a777f77205b377cde8df6937dbde8a6e63441d7829d8f6ccfee

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:22 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 10 Dec 2020 17:32:50 GMT
server: cloudflare
etag: "5fd25bc2-52b1b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=c%2FRudl1niuv47WqTmRvLNo5ixtxcFNRaVkMt22%2FBFdsC0GoQmeHsyp8TS%2BUhWh2xHSGOAXgTDBFjcxqObg2AB3eZa3qG%2FJoVrloaQdU%2FJZrZKzJNcIcmt3dq8E9qKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 622fea03cd474bdd-AMS
content-length: 338715
cf-request-id: 0851d0965a00004bdd4904c000000001
expires: Fri, 19 Feb 2021 13:39:22 GMT

GET
H2 200 jquery3_5_1.min.js Show response
cdn.pixfuture.com/ Frame 4A16 87 KB
88 KB 126ms
126ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/jquery3_5_1.min.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:22 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 26 Aug 2020 15:41:27 GMT
server: cloudflare
etag: "5f4682a7-15d84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=GtVY8pniVJV860dtQWrvOPBp1MGTA8L1R8SIf6cHdttG4jNyhx0RaL%2FHVuDNVhu6OaOtkq5ESM705eq80BNxNO87i9%2BoWfeLEj6z5Zz%2BlQarcA2hfHj5RfjL23hTcA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 622fea03cd484bdd-AMS
content-length: 89476
cf-request-id: 0851d0965a00004bdd59ba5000000001
expires: Fri, 19 Feb 2021 13:39:22 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 68ms
22ms Other
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1

Protocol

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://securityaffairs.co
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://securityaffairs.co
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1534
date: Wed, 17 Feb 2021 13:39:22 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame 4A16
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1
https://mug.criteo.com/sid?cpp=NxKZ9nw1WmRRbkU5ZzdrSVhQOW1sVzdjNFQ2ZnJLdXk1cU9wNGFYWTZadEhQSVQyMGI3WmExYTQ1UkQ1TWxtMlYwRmxqWE5zMjk0a0FnRXVjek5reE1WUmMrZ05uUXp3SDRKdGQ5Q0RHK0dxTDRqTDBLbWVaYVpVM0c5Yj...

345 B
626 B

128ms
44ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=NxKZ9nw1WmRRbkU5ZzdrSVhQOW1sVzdjNFQ2ZnJLdXk1cU9wNGFYWTZadEhQSVQyMGI3WmExYTQ1UkQ1TWxtMlYwRmxqWE5zMjk0a0FnRXVjek5reE1WUmMrZ05uUXp3SDRKdGQ5Q0RHK0dxTDRqTDBLbWVaYVpVM0c5YjJzTjVMV2FVWk1taXhiZkhiWWgwZlNiODlxMTNtamsvS1dTMThSZm1ETmtsMXRiUUFWWEI1NHhaWmJQZU40R0g4Z0E3b0lZejZaWHlPUS9vNldxYk0wRksyb3J4eS9SbU9tYjJMVkdNQjBxSTZWTzBWb3pNPXw&cppv=2

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

5213596549a4e2921c9c6a17f5310ee8b7189486fb590542a62e92b171d3f71e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Wed, 17 Feb 2021 13:39:22 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3231
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Wed, 17 Feb 2021 13:39:22 GMT
location: https://mug.criteo.com/sid?cpp=NxKZ9nw1WmRRbkU5ZzdrSVhQOW1sVzdjNFQ2ZnJLdXk1cU9wNGFYWTZadEhQSVQyMGI3WmExYTQ1UkQ1TWxtMlYwRmxqWE5zMjk0a0FnRXVjek5reE1WUmMrZ05uUXp3SDRKdGQ5Q0RHK0dxTDRqTDBLbWVaYVpVM0c5YjJzTjVMV2FVWk1taXhiZkhiWWgwZlNiODlxMTNtamsvS1dTMThSZm1ETmtsMXRiUUFWWEI1NHhaWmJQZU40R0g4Z0E3b0lZejZaWHlPUS9vNldxYk0wRksyb3J4eS9SbU9tYjJMVkdNQjBxSTZWTzBWb3pNPXw&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1980
content-length: 482
expires: 0

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 4A16 1 KB
2 KB 189ms
56ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%222ff5d11788a3e2%22%3A%22277a716b3c3b01668abf%7C320x50%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&s=4c682428-8138-478e-9ff5-7d46b23afb79&pv=1deb16b7-73ff-42d6-bcfb-5ca7b8e1ba9a&vp=mobile&lib_name=prebid&lib_v=4.19.0&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22pubcid%22%3A%2227e472a2-84cb-4def-b952-8a3d1861a2ee%22%7D&kw=popular%2Cshareit%2Capp%2Cis%2Caffected%2Csevere%2Cflaws%2Cyet%2Cbe%2Cfixedsecurity%2Caffairs

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

3eb00bcbdf8063539eb4f8e5e4831c381d168575ee2630304ee9b997ee6affa8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:23 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-10
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 598
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 4A16 144 B
1 KB 74ms
73ms XHR
application/json 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

466e0865ab6764bbe7a1de7419d0d8a91279592283915a5fc1d6ad32c0ac3fe8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:22 GMT
X-Proxy-Origin: 185.156.175.187; 185.156.175.187; 723.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.244:80
AN-X-Request-Uuid: 63a4ce07-7093-49bf-b9dd-6fa320e8e8f0
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ Frame 4A16 173 B
360 B 100ms
57ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=7d27c9dd-72c2-41d8-97f6-a64566e9285f&nocache=1613569162873&pubcid=27e472a2-84cb-4def-b952-8a3d1861a2ee&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=320x50&divIds=24272x320x50x4142x_ADSLOT1&auid=540580841&tps=bXlrZXl3b3JkPXBvcHVsYXIsc2hhcmVpdCxhcHAsaXMsYWZmZWN0ZWQsc2V2ZXJlLGZsYXdzLHlldCxiZSxmaXhlZHNlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9cG9wdWxhcixzaGFyZWl0LGFwcCxpcyxhZmZlY3RlZCxzZXZlcmUsZmxhd3MseWV0LGJlLGZpeGVkc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 1e182450674b6ffbdfadfdc1111d1c744bee6ca085bb84149fc589d86566bf00

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:22 GMT
content-encoding: gzip
server: OXGW/16.202.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 4A16 0
61 B 72ms
72ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Wed, 17 Feb 2021 13:39:23 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 31ms
23ms Other
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1

Protocol

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://securityaffairs.co
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://securityaffairs.co
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1566
date: Wed, 17 Feb 2021 13:39:22 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame 1D1D
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1
https://mug.criteo.com/sid?cpp=xU4t1Hxua3pkcW9KVnJsRnY5Z3drcUd0U2t4aVZ4RWNWRHhzRDM4QTZxSnpabElvUUs5OEhYVHhNZENtNmowbDJ0aVMrQWg2WThqY3NKeGZLM3pKY2pia2ZsL0dTQlVqZTlqZ0prSUt6U0w3Yi93d2NXRDBqN1ZTN1dpWE...

348 B
630 B

127ms
43ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=xU4t1Hxua3pkcW9KVnJsRnY5Z3drcUd0U2t4aVZ4RWNWRHhzRDM4QTZxSnpabElvUUs5OEhYVHhNZENtNmowbDJ0aVMrQWg2WThqY3NKeGZLM3pKY2pia2ZsL0dTQlVqZTlqZ0prSUt6U0w3Yi93d2NXRDBqN1ZTN1dpWEFKeTRKY3Z4V1plbHRGbjVrUGlMNWhRN1pEYzRrczhydkR2R3NIbXR2SUNiTGJYNWRieDBJdm45S2dYM1ZhcEVhZFlDTFA4SmRRZnVvQnFwM3k3QmlwVEp3UWlERmlCa0dIR240YXg2R2Vrd3Ixaml0eU1vPXw&cppv=2

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

888f70266b1b7fa98ef2a027344d5c6aeffabcce06c1631596530d9b10860b01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Wed, 17 Feb 2021 13:39:22 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2448
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Wed, 17 Feb 2021 13:39:22 GMT
location: https://mug.criteo.com/sid?cpp=xU4t1Hxua3pkcW9KVnJsRnY5Z3drcUd0U2t4aVZ4RWNWRHhzRDM4QTZxSnpabElvUUs5OEhYVHhNZENtNmowbDJ0aVMrQWg2WThqY3NKeGZLM3pKY2pia2ZsL0dTQlVqZTlqZ0prSUt6U0w3Yi93d2NXRDBqN1ZTN1dpWEFKeTRKY3Z4V1plbHRGbjVrUGlMNWhRN1pEYzRrczhydkR2R3NIbXR2SUNiTGJYNWRieDBJdm45S2dYM1ZhcEVhZFlDTFA4SmRRZnVvQnFwM3k3QmlwVEp3UWlERmlCa0dIR240YXg2R2Vrd3Ixaml0eU1vPXw&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2013
content-length: 482
expires: 0

POST
H/1.1 200
OK cookie_sync Show response
prebidserver.pixfuture.com/ Frame 1D1D 275 B
647 B 358ms
117ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/cookie_sync
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 6a99e7d178fd19b946a936a0f64d31a1af2e843b889ab515ada00d38622c5d67

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:23 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 275
Expires: 0

POST
H/1.1 200
OK auction Show response
prebidserver.pixfuture.com/openrtb2/ Frame 1D1D 105 B
462 B 380ms
139ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/openrtb2/auction
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e8fed4d659201749ef6e80fc033f59045a6f6c59784bebfe96d32b7261565e7a

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:23 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 105
Expires: 0

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ Frame 1D1D 62 B
661 B 246ms
190ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_728x90&cmd=bid&secure=1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.128 /
Resource Hash: d3a735be72b0bc85a066b1e648c638109f722c95eda669f9ad6c5eeeae5917c9

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 17 Feb 2021 13:39:23 GMT
Server: ATS/7.1.2.128
Age: 1
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 1D1D 1 KB
2 KB 183ms
56ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%226cf1fb2e807e6d%22%3A%22951d83dd852c9348161e%7C728x90%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&s=e3cdd860-9d17-4e23-a8e0-981228d2654d&pv=5f70c6d2-0f74-498e-a267-e96bb86175e1&vp=mobile&lib_name=prebid&lib_v=4.19.0&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22pubcid%22%3A%2227e472a2-84cb-4def-b952-8a3d1861a2ee%22%7D&kw=popular%2Cshareit%2Capp%2Cis%2Caffected%2Csevere%2Cflaws%2Cyet%2Cbe%2Cfixedsecurity%2Caffairs

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

a1c8f29337a7abfdcde999ff2ff0c5dd1f124d40bc13da314c83579c1d44ff3b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:23 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-128
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 603
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ Frame 1D1D 172 B
560 B 64ms
54ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=3f63957d-efea-4b47-aca9-f05ce0fb7c02&nocache=1613569162906&pubcid=27e472a2-84cb-4def-b952-8a3d1861a2ee&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=728x90&divIds=24274x728x90x4142x_ADSLOT1&auid=540580842&tps=bXlrZXl3b3JkPXBvcHVsYXIsc2hhcmVpdCxhcHAsaXMsYWZmZWN0ZWQsc2V2ZXJlLGZsYXdzLHlldCxiZSxmaXhlZHNlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9cG9wdWxhcixzaGFyZWl0LGFwcCxpcyxhZmZlY3RlZCxzZXZlcmUsZmxhd3MseWV0LGJlLGZpeGVkc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 92df8f3f6af203d94b1da05c5b3b2d6d6cbd0292d6bcb19ffb6e6fb7fbce81b9

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:22 GMT
content-encoding: gzip
server: OXGW/16.202.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 163
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 1D1D 145 B
1 KB 65ms
65ms XHR
application/json 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

ec507071e075a307f8775b6866e0217f05fee7a7b1305cdb674f24b78465edaa

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:22 GMT
X-Proxy-Origin: 185.156.175.187; 185.156.175.187; 723.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.144:80
AN-X-Request-Uuid: 58ab752e-cf46-49b0-ad2a-c666368eeaf6
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 1D1D 0
61 B 72ms
72ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Wed, 17 Feb 2021 13:39:22 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 ptmd
dt.clnmde.com/ 70 B
330 B 122ms
121ms Image
image/gif 100.24.200.179
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.clnmde.com/ptmd?t=16135691624413246214969_N4IgxgTgbiBcDaJgB0QEYAcAWAzAJhzQFYtVYUQAXATwAcBTM1SAfQEsATVAGlSjfZc4qNADY0OIqICcYtAHYiABhwZJStD1QALKAGdBTEEpMbxkmWLx4MGFWjRYlRC4WJLUAX08huSVKJY8qI4OEp48mQUNAxGrJxaIPyGwujmUrLiWC5YGMQYRIm6BgmppmYSGVZ40spuTi5SoXgqXj5+FHmi8rY48ppw0XSMqfFCvEkCpbAi6ZbiwfLySlhY0qS+OvopM8amchaZ1kp29c6uoivSbb7+IF09av1RqDEju2OJydOzlfMSjiwNjMRW2Pz2JgOVVEx1ODgaFyuNwAun4AHYAQzg8CB62k3TwgW4EicGGWOGk3BcJmwaiUqJAmL0cBqfjYGIAttj6WyMczYBg-AAPABmcGMohFaDANQ4ACM8DLFBg8PQ5Tg5XYsFK8E0IkpbqLKOK1PRRPRpNI5SKnHL5FgYTgRWBJBIRRwlGAiNJwhxbmwYLAlAA6Ih+PSUDGUACu-PgFO4rLCxOkDIAXljYGg-LQAObimB+ehowMgWi3XPacVQ+Z4VYSOswxz46S3Sj89C4uz2mFEIgYW76cWiYMh1RoW4YgA2cBwfmdcAAtNmQPRKGw4DWjuHKPmg+GANbVuZHFj4tCWoL5eQ4W70Njl2DoArB4gjhREV9ku-RzMr6Mbvuq5QDOCCgJiHL0OKcqcBw9AQIItwcFGmagDBHBwQhnBwGi0ZTlOfjfH6T5bnIigqGoygTt43DgZyUFPuhmGIX4yGRoMIBMfBiGwLh+GEVMxFpH8mSODkeT9kQIA0XRkHQbB3HYaxKEcVxWHEXxBGTDxwmHGR3TLKs6zSZ4tGMvR8kYYpfrKex5CcQp6k4XhWlEceIkHICwJiCZDJ6FOEbuXpMK4FJfhTmKWYCTppHmF5dg+X4YCxpQOkYAAwgAqkQABCAAiogAKIAOoVmAm4nmIYSrH4ACODEriKgFYJ4QA
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 100.24.200.179 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-24-200-179.compute-1.amazonaws.com
Software: / Express
Resource Hash: c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 17 Feb 2021 13:39:23 GMT
x-powered-by: Express
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: image/gif

GET
H2 200 jquery3_5_1.min.js Show response
cdn.pixfuture.com/ Frame 59BB 87 KB
88 KB 118ms
118ms Script
application/javascript 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pixfuture.com/jquery3_5_1.min.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:23 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 26 Aug 2020 15:41:27 GMT
server: cloudflare
etag: "5f4682a7-15d84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OfmMBHALZCeRYMScIRCKgUoY2gko8gC331%2F%2BhYt1WyyAXDiF7egYMuBfY8%2BD1jZ66kgZt8QFDBsvWdNpLKaFa1NYbu2d7UM2if%2FvIIFeR5cZvzofvHW6lEViEbCnag%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 622fea0528a84bdd-AMS
content-length: 89476
cf-request-id: 0851d0973700004bdd2da87000000001
expires: Fri, 19 Feb 2021 13:39:23 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 23ms
22ms Other
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1

Protocol

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://securityaffairs.co
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://securityaffairs.co
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1816
date: Wed, 17 Feb 2021 13:39:22 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame 59BB
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fsecurityaffairs.co%2F&domain=securityaffairs.co&cw=1
https://mug.criteo.com/sid?cpp=sSagG3xlZVl0bGdQRDBpMytoMnRGNk9wd2RqMUVoTXRJNkpCekpvS1NwelMzaUxwRU93TTBGNDMvR0dHR1Fmc3FiczRobEw5dmdJOVJ5NkdxS1MxMjVKT01pWTJOWVZLdHVsSWNxclEwWnJablFTR1lZTm5yWjVidWltVW...

353 B
631 B

45ms
43ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=sSagG3xlZVl0bGdQRDBpMytoMnRGNk9wd2RqMUVoTXRJNkpCekpvS1NwelMzaUxwRU93TTBGNDMvR0dHR1Fmc3FiczRobEw5dmdJOVJ5NkdxS1MxMjVKT01pWTJOWVZLdHVsSWNxclEwWnJablFTR1lZTm5yWjVidWltVWs2eUFMSkpxRDhRWkxRWU9sakFLaGJTOXRlbG5YYXJOcHhEZFZKRlVhUkZpVHBuMTd6bGc1U2hVWis3Yk1kTVBLWlNhdzYrK3lyS090T2Z5S0svM1hlMDNVRDNZZHBHVlYwZEpVUVdadFlBRkFhc0JnaGtvPXw&cppv=2

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

126421ca99f4c3186cf23d5b2d475fc3e8b9953e89c0388376ed14206d098b0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Wed, 17 Feb 2021 13:39:23 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2320
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Wed, 17 Feb 2021 13:39:22 GMT
location: https://mug.criteo.com/sid?cpp=sSagG3xlZVl0bGdQRDBpMytoMnRGNk9wd2RqMUVoTXRJNkpCekpvS1NwelMzaUxwRU93TTBGNDMvR0dHR1Fmc3FiczRobEw5dmdJOVJ5NkdxS1MxMjVKT01pWTJOWVZLdHVsSWNxclEwWnJablFTR1lZTm5yWjVidWltVWs2eUFMSkpxRDhRWkxRWU9sakFLaGJTOXRlbG5YYXJOcHhEZFZKRlVhUkZpVHBuMTd6bGc1U2hVWis3Yk1kTVBLWlNhdzYrK3lyS090T2Z5S0svM1hlMDNVRDNZZHBHVlYwZEpVUVdadFlBRkFhc0JnaGtvPXw&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2521
content-length: 482
expires: 0

POST
H/1.1 200
OK cookie_sync Show response
prebidserver.pixfuture.com/ Frame 59BB 275 B
647 B 314ms
119ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/cookie_sync
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 6a99e7d178fd19b946a936a0f64d31a1af2e843b889ab515ada00d38622c5d67

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:23 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 275
Expires: 0

POST
H/1.1 200
OK auction Show response
prebidserver.pixfuture.com/openrtb2/ Frame 59BB 105 B
462 B 353ms
136ms XHR
application/json 157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebidserver.pixfuture.com/openrtb2/auction
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 4a47020c7133fbd4487539f0d04c700d195c32ac057d741be039e9582beee778

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:23 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 105
Expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 59BB 144 B
1 KB 91ms
91ms XHR
application/json 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

85a14d9b722f0b48f6ae7c9bb1b081946a5ef8eaf90ef21ef46364c76a3874bd

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:23 GMT
X-Proxy-Origin: 185.156.175.187; 185.156.175.187; 723.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.239:80
AN-X-Request-Uuid: 749e7b8e-2b4a-4eb3-8f8d-6c8c650b4098
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ Frame 59BB 1 KB
2 KB 87ms
86ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%226af1ac24965633%22%3A%22833199e4bd4003904bc3%7C300x250%7Cf%3D0.3%22%7D&ref=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&s=4ba7cb35-75fb-4c99-8f80-8ba6c4bb8c3e&pv=a7fdc55c-be3a-42e7-a4f2-8dbfe2016d47&vp=mobile&lib_name=prebid&lib_v=4.19.0&us=0&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22pixfuture.com%22%2C%22sid%22%3A%224142%22%2C%22hp%22%3A1%7D%5D%7D&userid=%7B%22pubcid%22%3A%2227e472a2-84cb-4def-b952-8a3d1861a2ee%22%7D&kw=popular%2Cshareit%2Capp%2Cis%2Caffected%2Csevere%2Cflaws%2Cyet%2Cbe%2Cfixedsecurity%2Caffairs

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

c6be819465ebc64b0b21a82ff5a008feeb7c328eae6b29a1b3b3540e16f6c3fd

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:23 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-10
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://securityaffairs.co
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 598
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ Frame 59BB 62 B
661 B 303ms
249ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a969105017575db4f32dc2eda5c0067&pos=pixfuture_network_news_300x250&cmd=bid&secure=1
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.128 /
Resource Hash: a174d97af97444a78de9a08a52674b937cf4e0f27f1dc0a6e2455805153596ac

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 17 Feb 2021 13:39:23 GMT
Server: ATS/7.1.2.128
Age: 0
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://securityaffairs.co
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 59BB 0
61 B 77ms
77ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://securityaffairs.co
date: Wed, 17 Feb 2021 13:38:15 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 arj Show response
pixfuture2-d.openx.net/w/1.0/ Frame 59BB 173 B
361 B 54ms
53ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pixfuture2-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=da30f3fc-76bc-4ea2-8e77-f02c917682d2&nocache=1613569163071&pubcid=27e472a2-84cb-4def-b952-8a3d1861a2ee&schain=1.0%2C1!pixfuture.com%2C4142%2C1%2C%2C%2C&aus=300x250&divIds=24270x300x250x4142x_ADSLOT1&auid=540580840&tps=bXlrZXl3b3JkPXBvcHVsYXIsc2hhcmVpdCxhcHAsaXMsYWZmZWN0ZWQsc2V2ZXJlLGZsYXdzLHlldCxiZSxmaXhlZHNlY3VyaXR5LGFmZmFpcnMmbXlvdGhlcmtleXdvcmQ9cG9wdWxhcixzaGFyZWl0LGFwcCxpcyxhZmZlY3RlZCxzZXZlcmUsZmxhd3MseWV0LGJlLGZpeGVkc2VjdXJpdHksYWZmYWlycw%3D%3D
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 64c06ce1ac27f0105b0f173d836436c12d28d2fad0193a3fb31f14a9045afe0f

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:23 GMT
content-encoding: gzip
server: OXGW/16.202.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://securityaffairs.co
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 165
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 116ms
39ms Other
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1229
date: Wed, 17 Feb 2021 13:39:22 GMT
content-encoding: gzip
vary: Accept-Encoding

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 116ms
38ms Other
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1064
date: Wed, 17 Feb 2021 13:39:22 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 nrrV67478.js Show response
contextual.media.net/4a/ Frame 8BB2 88 KB
29 KB 45ms
45ms Script
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV67478.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

6a988f4f14a4f897e6d2b617bdd71095b6bbd22124a971d2cd8e6afa4c382c3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "1b36a7ba1bc3c917d710d5cef8c83a02"
vary: Accept-Encoding
x-mnet-h: 10-8
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Wed, 17 Feb 2021 13:39:23 GMT
content-length: 29191
expires: Wed, 03 Mar 2021 13:39:23 GMT

GET
DATA 200
OK truncated
/ Frame 8BB2 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8BB2 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bullet1.woff
contextual.media.net/__media__/fonts/bullet1/ Frame 8BB2 2 KB
2 KB 277ms
214ms Font
font/woff 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet1/bullet1.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

d9ac862518df3efb07d7cecda391ab683489cf26fa04d62e179ba60869dd69bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:23 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 1792
expires: Thu, 18 Feb 2021 13:39:23 GMT

GET
H2 200 nrrV67478.js Show response
contextual.media.net/4a/ Frame 433D 88 KB
29 KB 42ms
42ms Script
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV67478.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

6a988f4f14a4f897e6d2b617bdd71095b6bbd22124a971d2cd8e6afa4c382c3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "1b36a7ba1bc3c917d710d5cef8c83a02"
vary: Accept-Encoding
x-mnet-h: 10-8
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Wed, 17 Feb 2021 13:39:23 GMT
content-length: 29191
expires: Wed, 03 Mar 2021 13:39:23 GMT

GET
DATA 200
OK truncated
/ Frame 433D 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 433D 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bullet1.woff
contextual.media.net/__media__/fonts/bullet1/ Frame 433D 2 KB
2 KB 103ms
49ms Font
font/woff 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet1/bullet1.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

d9ac862518df3efb07d7cecda391ab683489cf26fa04d62e179ba60869dd69bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:23 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 1792
expires: Thu, 18 Feb 2021 13:39:23 GMT

GET
H2 200 nrrV67478.js Show response
contextual.media.net/4a/ Frame 6ED6 88 KB
29 KB 44ms
44ms Script
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV67478.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

6a988f4f14a4f897e6d2b617bdd71095b6bbd22124a971d2cd8e6afa4c382c3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "1b36a7ba1bc3c917d710d5cef8c83a02"
vary: Accept-Encoding
x-mnet-h: 10-8
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Wed, 17 Feb 2021 13:39:23 GMT
content-length: 29191
expires: Wed, 03 Mar 2021 13:39:23 GMT

GET
DATA 200
OK truncated
/ Frame 6ED6 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 6ED6 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bullet1.woff
contextual.media.net/__media__/fonts/bullet1/ Frame 6ED6 2 KB
2 KB 169ms
133ms Font
font/woff 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet1/bullet1.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

d9ac862518df3efb07d7cecda391ab683489cf26fa04d62e179ba60869dd69bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:23 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 1792
expires: Thu, 18 Feb 2021 13:39:23 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 58D3 94 KB
34 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c32a6272694a3ff9b3db93d79ea28ff12c9fbe4087b4cc435d060966f4d06c38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 34263
x-xss-protection: 0
server: cafe
etag: 12653882566310025213
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 17 Feb 2021 13:39:23 GMT

GET
H/1.1 200
OK demo_track.js Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame 4A16 3 KB
3 KB 118ms
118ms Script
application/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v719
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 87e389a3a4bd245fb6f0caec79116717f0de1512386058feb5e3565558ad19db

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 13:39:23 GMT
Last-Modified: Tue, 16 Feb 2021 15:11:23 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "602be09b-aa5"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 2725
Expires: Fri, 19 Feb 2021 13:39:23 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 38ms
38ms Other
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1068
date: Wed, 17 Feb 2021 13:39:22 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 nrrV67478.js Show response
contextual.media.net/4a/ Frame E0E4 88 KB
29 KB 73ms
73ms Script
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/4a/nrrV67478.js

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/dmedianet.js?cid=8CU5BD6EW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

6a988f4f14a4f897e6d2b617bdd71095b6bbd22124a971d2cd8e6afa4c382c3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: max-age=2592000
strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
etag: "1b36a7ba1bc3c917d710d5cef8c83a02"
vary: Accept-Encoding
x-mnet-h: 10-8
content-type: text/javascript; charset=utf-8
cache-control: max-age=1209600
date: Wed, 17 Feb 2021 13:39:23 GMT
content-length: 29191
expires: Wed, 03 Mar 2021 13:39:23 GMT

GET
DATA 200
OK truncated
/ Frame E0E4 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame E0E4 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bullet1.woff
contextual.media.net/__media__/fonts/bullet1/ Frame E0E4 2 KB
2 KB 33ms
33ms Font
font/woff 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/bullet1/bullet1.woff

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

d9ac862518df3efb07d7cecda391ab683489cf26fa04d62e179ba60869dd69bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:23 GMT
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 1792
expires: Thu, 18 Feb 2021 13:39:23 GMT

GET
H/1.1

200
OK

setuid
prebidserver.pixfuture.com/ Frame 1D1D
Redirect Chain

https://cm.mgid.com/m?cdsp=363893&adu=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Dmgid%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%7Bmuidn%7D
https://prebidserver.pixfuture.com:8000/setuid?bidder=mgid&gdpr=1&gdpr_consent=&uid=l1hnnouUUeD5

36 B
36 B

361ms
121ms

Image
text/plain

157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebidserver.pixfuture.com:8000/setuid?bidder=mgid&gdpr=1&gdpr_consent=&uid=l1hnnouUUeD5
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:24 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: text/plain; charset=utf-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 36
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:23 GMT
cf-cache-status: DYNAMIC
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-mg-request-uuid: 4f72ca77-9fd1-4ef9-a822-e0335e4e6002
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
location: https://prebidserver.pixfuture.com:8000/setuid?bidder=mgid&gdpr=1&gdpr_consent=&uid=l1hnnouUUeD5
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 622fea088be423df-ZRH
content-type: image/gif
cf-request-id: 0851d09958000023df0117c000000001
server: cloudflare

GET
H3-Q050 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame D599 94 KB
34 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c32a6272694a3ff9b3db93d79ea28ff12c9fbe4087b4cc435d060966f4d06c38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 34263
x-xss-protection: 0
server: cafe
etag: 12653882566310025213
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 17 Feb 2021 13:39:23 GMT

GET
H/1.1 200
OK demo_track.js Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame 1D1D 3 KB
3 KB 118ms
118ms Script
application/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v330
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 87e389a3a4bd245fb6f0caec79116717f0de1512386058feb5e3565558ad19db

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 13:39:23 GMT
Last-Modified: Tue, 16 Feb 2021 15:11:23 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "602be09b-aa5"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 2725
Expires: Fri, 19 Feb 2021 13:39:23 GMT

GET
H2 200 bql.php Show response
lg3.media.net/ Frame 433D 15 B
216 B 39ms
38ms Script
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=0&hvsid=00001613569162208031140535636049&geo=47.37|8.55&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYHJ4MkEhpquzYYyF7blTCdeP_t0CnDoCd-48OWtK1c8GJREbRiZ2d7Rn3CLlRi3arUTGsYZqRNJY&lpid=&tsid=1&q=&prv=&type=&ps=&cme=2YQZB0YOkGnZQOg0hfZKccppkaUVCL98uAL-hDV2yJRQkD7nMA4oEQp850mNU3GYN-g0XEshUA_Lz1KNjsUBXLgHc_MfUfqvAMhGNxpBtcdr64USAF08cMO1rY42EoHnT88xdjgCfVDqxxwobaqC6vabAE9VL0RtFmDjxSO7x8zMcVcckc2LAU2pOMbMf5UXOOi11g7EpNfimV5gXt0vzxvqMlqHZ7XG%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7COjVbOW8Tf3g-CplZAkej6TdhIxtl2cSDxLswSJyF8tOhmhTHfKtq3tSSRGJx8oZNRDPb2zu00Iib1TmyQrPxi9TNFi3u5KY4rjNeYlvCvgE%3D%7CN7fu2vKt8_s%3D%7CGk0mFLz-MJirAUAA5_Kw5vdyGA-LUmYDoNLxc_X4wRi6xN5NEB5nY2BeNYp7vQXNw_U_JQKbcbHnLzHzCL1ieo_FkD7NVAfSb0DUykxR0rFQHBB-gmJuPZRR2BUclDhVE6Sg01MafAriNV2YYYodC_PvF49Wv1C1PXpZrtj8BilZfdXzUDwrtLcD-Hbs9oh2XxGClDG89IshCBK5ex8TwnYRN6nJjYkI%7C&hint=&td=&cc=CH&wsip=170721394&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=fuoNufzNuN&vgde_setid=Nfu&&rc=0&ksu=207&fdkt=341&kwd[]=Send%20Large%20Files&kwt[]=341&kbc[]=im25680859&kwp[]=1&kid[]=25680859&kbc2[]=file%7C%7Cps%3D0.917%7C%7Crpc%3D0.15%7C%7Clvl%3D1.00&ktd[]=274911658240&kwd[]=Android%20APK%20Download&kwt[]=307&kbc[]=143282&kwp[]=2&kid[]=270141735&kbc2[]=0%7C%7Cactr%3D0.152%7C%7Cps%3D0.665%7C%7Crpc%3D0.04%7C%7Clvl%3D2.27&ktd[]=3573446476032&kwd[]=Free%20App%20Download&kwt[]=266&kbc[]=250087&kwp[]=3&kid[]=216358784&kbc2[]=2%7C%7Cps%3D0.711%7C%7Crpc%3D0.06%7C%7Clvl%3D3.77&ktd[]=565423888269568&kwd[]=Video%20Chat%20Apps&kwt[]=266&kbc[]=250088&kwp[]=4&kid[]=29927777&kbc2[]=2%7C%7Cps%3D0.711%7C%7Crpc%3D0.23%7C%7Clvl%3D1.17&ktd[]=565423871492352&kwd[]=Top%20iOS%20Apps&kwt[]=266&kbc[]=250088&kwp[]=5&kid[]=321230315&kbc2[]=2%7C%7Cps%3D0.711%7C%7Crpc%3D0.11%7C%7Clvl%3D1.00&ktd[]=565423888269568&rand=1613569163495&cid=8CU5BD6EW&vwid=1613569161767704494&vi=1613569161767704494&l3ch=1&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=ZH&vgd_l1rakh=1613569161187303028&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D1%7C%40%7Clsat%3D3&vgd_ifrmode=00&sttm=1613569162208&upk=1613569162.20718&hvsid=00001613569162208031140535636049&verid=4121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_isiolc=1&pid=8PO5M70HK&katen=1&pc=100&matm=1613569163499&vgd_ltime=1301&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=ZH&vgd_l2ch=0&vgd_l1ch=1&vgd_katbid=-2&vgd_kals=base%7C%7Cpc%3D100&vgd_kasts=tstype%3D-10401%7C%7Cgbid%3D-2&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=170721394&vgd_nrrsf=nrr&vgd_nrrv=67478&vgd_nrrs=67478&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-816788371%7CDIV&vgd_x_pos=367&vgd_y_pos=2497&vgd_ren_page_h=4139&vgd_cty=ZURICH&vgd_l1hcsd=N4%7C1131&vgd_sethcsd=A31%7C1141&vgd_cfud=200205&vgd_is_amp=0&vgd_icat=-1&vgd_spcat=-1&vgd_optout=0&vgd_ect=4g&vgd_rensize=524_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_l1rpth=%2Fdmedianet.js&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&oRurl=http%3A%2F%2Fcdn3gor%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DCH%26isOffice%3D0%26fvips%3D0%26vi%3D1613569161314428016%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D816788371%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D6%26baeFlag%3D0%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26gdpr%3D0%26cb%3Dwindow._mNDetails.initAd%26pid%3D8PO5M70HK%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f114636%252fmobile-2%252fshareit-app-flaw.html%26%26katen%3D1%26katbid%3D-2&tdAdd[]=uiparams%3D%3Brend_w%3A524%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV67478.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Wed, 17 Feb 2021 13:39:23 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Wed, 17 Feb 2021 13:39:23 GMT

POST
H2 200 log
navvy.media.net/ Frame 433D 807 B
997 B 794ms
370ms Other
image/gif 52.52.52.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV67478.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.52.52.5 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-52-52-5.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Wed, 17 Feb 2021 13:39:24 GMT

GET
H2 200 bql.php Show response
lg3.media.net/ Frame 6ED6 15 B
216 B 44ms
43ms Script
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=0&hvsid=00001613569162295031140535633203&geo=47.37|8.55&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYHJ4MkEhpquzYYyF7blTCdeP_t0CnDoCd-48OWtK1c8GJREbRiZ2d7SPDMbItdgs5bC8i_4sKzrE&lpid=&tsid=1&q=&prv=&type=&ps=&cme=lP9xlqPHnqemNqp8OwGnciwrQH63C8TrpP-z6LqZZO4Yr6zGZCoPdWu5Q206ApACca05KNUn0WUiUhXbZb26QyRVJrWe5pCLf-kajGLj_hN1RA33EYVGT3ZRHA-jRSIxi8klLsaxLExXHeLk1ofySoqEAhPqIFGkxVtfoL-dYVdPN2urZSBWBzW59gj4KdYlTBe7ranP51SJlUV92M-nrBpyR4Et9WZF%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7COjVbOW8Tf3g-CplZAkej6TdhIxtl2cSDxLswSJyF8tOhmhTHfKtq3tSSRGJx8oZNRDPb2zu00Iib1TmyQrPxi9TNFi3u5KY4rjNeYlvCvgE%3D%7CN7fu2vKt8_s%3D%7CSd5Ea-Bg2COKL7NYDzOdvStoAeOH3ZIJ8MP0_M-z5ZMbLkqOJzX8C-5lcLuxPz8PqeMFSJtFWiQeIL_g5FYRbH9QR_ywiEFhiSMMJP0Y4P-MfeH2nxGRb5iB-HAk2BPHMo7ByIyVNQjsaFiYNKLqxuSpxxpv5EkssK91tb-Z4BPO1TNMP_eVIvNiSyS9QVvFGfAMqYTMDOmZTKJktCyAig%3D%3D%7C&hint=&td=&cc=CH&wsip=170721388&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=fuoyxQBuG&vgde_setid=Nfu&&rc=0&ksu=207&fdkt=341&kwd[]=Send%20Large%20Files&kwt[]=341&kbc[]=im25680859&kwp[]=1&kid[]=25680859&kbc2[]=file%7C%7Cps%3D0.917%7C%7Crpc%3D0.15%7C%7Clvl%3D1.00&ktd[]=274911657984&kwd[]=Android%20APK%20Download&kwt[]=307&kbc[]=143282&kwp[]=2&kid[]=270141735&kbc2[]=0%7C%7Cactr%3D0.152%7C%7Cps%3D0.665%7C%7Crpc%3D0.04%7C%7Clvl%3D2.27&ktd[]=3573446475776&kwd[]=Free%20App%20Download&kwt[]=266&kbc[]=250087&kwp[]=3&kid[]=216358784&kbc2[]=2%7C%7Cps%3D0.711%7C%7Crpc%3D0.06%7C%7Clvl%3D3.77&ktd[]=565423888269312&kwd[]=Video%20Chat%20Apps&kwt[]=266&kbc[]=250088&kwp[]=4&kid[]=29927777&kbc2[]=2%7C%7Cps%3D0.711%7C%7Crpc%3D0.23%7C%7Clvl%3D1.17&ktd[]=565423871492096&kwd[]=Top%20iOS%20Apps&kwt[]=266&kbc[]=250088&kwp[]=5&kid[]=321230315&kbc2[]=2%7C%7Cps%3D0.711%7C%7Crpc%3D0.11%7C%7Clvl%3D1.00&ktd[]=565423888269312&rand=1613569163509&cid=8CU5BD6EW&vwid=1613569161453481585&vi=1613569161453481585&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=ZH&vgd_l1rakh=1613569161187303028&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D1%7C%40%7Clsat%3D3&vgd_ifrmode=00&sttm=1613569162295&upk=1613569162.20718&hvsid=00001613569162295031140535633203&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_isiolc=1&npgv=1&pid=8PO5M70HK&katen=1&pc=100&matm=1613569163513&vgd_ltime=1222&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=ZH&vgd_l2ch=0&vgd_l1ch=1&vgd_katbid=-2&vgd_kals=base%7C%7Cpc%3D100&vgd_kasts=tstype%3D-10401%7C%7Cgbid%3D-2&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=170721369&vgd_nrrsf=nrr&vgd_nrrv=67478&vgd_nrrs=67478&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-647633027%7CDIV&vgd_x_pos=980&vgd_y_pos=723&vgd_ren_page_h=4139&vgd_cty=ZURICH&vgd_l1hcsd=N4%7C1131&vgd_sethcsd=A31%7C1141&vgd_cfud=200205&vgd_is_amp=0&vgd_icat=-1&vgd_spcat=-1&vgd_optout=0&vgd_ect=4g&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_l1rpth=%2Fdmedianet.js&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&oRurl=http%3A%2F%2Fcdn3gor%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DCH%26isOffice%3D0%26fvips%3D0%26vi%3D1613569161453481585%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D647633027%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D6%26baeFlag%3D0%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26gdpr%3D0%26cb%3Dwindow._mNDetails.initAd%26pid%3D8PO5M70HK%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f114636%252fmobile-2%252fshareit-app-flaw.html%26%26katen%3D1%26katbid%3D-2&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV67478.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Wed, 17 Feb 2021 13:39:23 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Wed, 17 Feb 2021 13:39:23 GMT

POST
H2 200 log
navvy.media.net/ Frame 6ED6 807 B
997 B 782ms
369ms Other
image/gif 52.52.52.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV67478.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.52.52.5 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-52-52-5.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Wed, 17 Feb 2021 13:39:24 GMT

GET
H3-Q050 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210211/r20190131/ Frame 58D3 227 KB
85 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210211/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5fee2a3e4db0a9b907550346569920e7ea79a4b855260d5c9d063aebd408ce52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 87061
x-xss-protection: 0
server: cafe
etag: 9039926254773515089
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 17 Feb 2021 13:39:23 GMT

GET
H3-Q050 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210211/r20190131/ Frame 77EA 10 KB
5 KB 19ms
18ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210211/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a1b2ebe6a2b314929967bdf1ba8c694fb45bf76a5b847e57fb847b3cdd9338a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210211/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 17 Feb 2021 04:14:22 GMT
expires: Wed, 03 Mar 2021 04:14:22 GMT
content-type: text/html; charset=UTF-8
etag: 6440208225989294717
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4777
x-xss-protection: 0
age: 33901
cache-control: public, max-age=1209600
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

setuid
prebidserver.pixfuture.com/ Frame 59BB
Redirect Chain

https://cm.mgid.com/m?cdsp=363893&adu=https%3A%2F%2Fprebidserver.pixfuture.com%3A8000%2Fsetuid%3Fbidder%3Dmgid%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%7Bmuidn%7D
https://prebidserver.pixfuture.com:8000/setuid?bidder=mgid&gdpr=1&gdpr_consent=&uid=l1hnjEGzNSD5

36 B
36 B

358ms
121ms

Image
text/plain

157.245.94.128
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebidserver.pixfuture.com:8000/setuid?bidder=mgid&gdpr=1&gdpr_consent=&uid=l1hnjEGzNSD5
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 157.245.94.128 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:24 GMT
Server: nginx/1.14.0 (Ubuntu)
Vary: Origin
Content-Type: text/plain; charset=utf-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 36
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:23 GMT
cf-cache-status: DYNAMIC
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-mg-request-uuid: 6ead19c2-81ce-469e-b57c-78aff3073a62
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
location: https://prebidserver.pixfuture.com:8000/setuid?bidder=mgid&gdpr=1&gdpr_consent=&uid=l1hnjEGzNSD5
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 622fea088be623df-ZRH
content-type: image/gif
cf-request-id: 0851d0995b000023dfcd9f2000000001
server: cloudflare

GET
H3-Q050 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 84E6 94 KB
33 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/djax_elastic.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c32a6272694a3ff9b3db93d79ea28ff12c9fbe4087b4cc435d060966f4d06c38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 34263
x-xss-protection: 0
server: cafe
etag: 12653882566310025213
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 17 Feb 2021 13:39:23 GMT

GET
H/1.1 200
OK demo_track.js Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame 59BB 3 KB
3 KB 118ms
118ms Script
application/javascript 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v318
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 87e389a3a4bd245fb6f0caec79116717f0de1512386058feb5e3565558ad19db

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 13:39:23 GMT
Last-Modified: Tue, 16 Feb 2021 15:11:23 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "602be09b-aa5"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 2725
Expires: Fri, 19 Feb 2021 13:39:23 GMT

GET
H2 200 bql.php Show response
lg3.media.net/ Frame 8BB2 15 B
216 B 31ms
30ms Script
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=0&hvsid=00001613569162208031140535636049&geo=47.37|8.55&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYHJ4MkEhpquzYYyF7blTCdeP_t0CnDoCd-48OWtK1c8GJREbRiZ2d7Rn3CLlRi3arUTGsYZqRNJY&lpid=&tsid=1&q=&prv=&type=&ps=&cme=2YQZB0YOkGnZQOg0hfZKccppkaUVCL98uAL-hDV2yJRQkD7nMA4oEQp850mNU3GYN-g0XEshUA_Lz1KNjsUBXLgHc_MfUfqvAMhGNxpBtcdr64USAF08cMO1rY42EoHnT88xdjgCfVDqxxwobaqC6vabAE9VL0RtFmDjxSO7x8zMcVcckc2LAU2pOMbMf5UXOOi11g7EpNfimV5gXt0vzxvqMlqHZ7XG%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7COjVbOW8Tf3g-CplZAkej6TdhIxtl2cSDxLswSJyF8tOhmhTHfKtq3tSSRGJx8oZNRDPb2zu00Iib1TmyQrPxi9TNFi3u5KY4rjNeYlvCvgE%3D%7CN7fu2vKt8_s%3D%7CGk0mFLz-MJirAUAA5_Kw5vdyGA-LUmYDoNLxc_X4wRi6xN5NEB5nY2BeNYp7vQXNw_U_JQKbcbHnLzHzCL1ieo_FkD7NVAfSb0DUykxR0rFQHBB-gmJuPZRR2BUclDhVE6Sg01MafAriNV2YYYodC_PvF49Wv1C1PXpZrtj8BilZfdXzUDwrtLcD-Hbs9oh2XxGClDG89IshCBK5ex8TwnYRN6nJjYkI%7C&hint=&td=&cc=CH&wsip=170721394&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=fuoNufzNuN&vgde_setid=Nfu&&rc=0&ksu=207&fdkt=341&kwd[]=Send%20Large%20Files&kwt[]=341&kbc[]=im25680859&kwp[]=1&kid[]=25680859&kbc2[]=file%7C%7Cps%3D0.917%7C%7Crpc%3D0.15%7C%7Clvl%3D1.00&ktd[]=274911658240&kwd[]=Android%20APK%20Download&kwt[]=307&kbc[]=143282&kwp[]=2&kid[]=270141735&kbc2[]=0%7C%7Cactr%3D0.152%7C%7Cps%3D0.665%7C%7Crpc%3D0.04%7C%7Clvl%3D2.27&ktd[]=3573446476032&kwd[]=Free%20App%20Download&kwt[]=266&kbc[]=250087&kwp[]=3&kid[]=216358784&kbc2[]=2%7C%7Cps%3D0.711%7C%7Crpc%3D0.06%7C%7Clvl%3D3.77&ktd[]=565423888269568&kwd[]=Video%20Chat%20Apps&kwt[]=266&kbc[]=250088&kwp[]=4&kid[]=29927777&kbc2[]=2%7C%7Cps%3D0.711%7C%7Crpc%3D0.23%7C%7Clvl%3D1.17&ktd[]=565423871492352&kwd[]=Top%20iOS%20Apps&kwt[]=266&kbc[]=250088&kwp[]=5&kid[]=321230315&kbc2[]=2%7C%7Cps%3D0.711%7C%7Crpc%3D0.11%7C%7Clvl%3D1.00&ktd[]=565423888269568&rand=1613569163482&cid=8CU5BD6EW&vwid=1613569161314428016&vi=1613569161314428016&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=ZH&vgd_l1rakh=1613569161187303028&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D2%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D1%7C%40%7Clsat%3D3&vgd_ifrmode=00&sttm=1613569162217&upk=1613569162.20718&hvsid=00001613569162208031140535636049&verid=4121199&kbbq=%26sde%3D1%26adepth%3D2%26ddepth%3D1%26asn%3D9009&vgd_isiolc=1&npgv=1&pid=8PO5M70HK&katen=1&pc=100&matm=1613569163489&vgd_ltime=1348&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=ZH&vgd_l2ch=1&vgd_l1ch=1&vgd_katbid=-2&vgd_kals=base%7C%7Cpc%3D100&vgd_kasts=tstype%3D-10401%7C%7Cgbid%3D-2&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=170721394&vgd_nrrsf=nrr&vgd_nrrv=67478&vgd_nrrs=67478&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-816788371%7CDIV&vgd_x_pos=367&vgd_y_pos=2240&vgd_ren_page_h=4139&vgd_cty=ZURICH&vgd_l1hcsd=N4%7C1131&vgd_sethcsd=A31%7C1141&vgd_cfud=200205&vgd_is_amp=0&vgd_icat=-1&vgd_spcat=-1&vgd_optout=0&vgd_ect=4g&vgd_rensize=524_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_l1rpth=%2Fdmedianet.js&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&oRurl=http%3A%2F%2Fcdn3gor%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DCH%26isOffice%3D0%26fvips%3D0%26vi%3D1613569161314428016%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D816788371%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D6%26baeFlag%3D0%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26gdpr%3D0%26cb%3Dwindow._mNDetails.initAd%26pid%3D8PO5M70HK%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f114636%252fmobile-2%252fshareit-app-flaw.html%26%26katen%3D1%26katbid%3D-2&tdAdd[]=uiparams%3D%3Brend_w%3A524%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV67478.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Wed, 17 Feb 2021 13:39:23 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Wed, 17 Feb 2021 13:39:23 GMT

POST
H2 200 log
navvy.media.net/ Frame 8BB2 807 B
998 B 732ms
369ms Other
image/gif 52.52.52.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV67478.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.52.52.5 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-52-52-5.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Wed, 17 Feb 2021 13:39:24 GMT

GET
H2 200 bql.php Show response
lg3.media.net/ Frame E0E4 15 B
216 B 33ms
32ms Script
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?&vgd_l2type=setting&v=1&gdpr=0&hvsid=00001613569162288031140535631150&geo=47.37|8.55&dlper=25&lper=100&fp=EIMN-ehR7Pps_CSyS_Yzo-2i1OixKc5bW9c2mufwmM6qC9U44Q2KYHJ4MkEhpquzYYyF7blTCdeP_t0CnDoCd-48OWtK1c8GJREbRiZ2d7TF_CqT7VHME6rjiJC5qfNf&lpid=&tsid=1&q=&prv=&type=&ps=&cme=2YQZB0YOkGnw7L-cGkVlaKuGdDX1ggO8DKkZkfySgQkkbFbpboLGq9VQi0oL2B1v0lOizCeGRYKNx0kr104Db97LFqYcthxbw8xzM2ffyL7si2TApls45qguGCPpqBLVsPfPodZKCrBCSkQ3mPj7n8JgU0KvLmkIWKG_XLAG2Woz9LL5VobIMfDLqkmU-M3fbWaOEmLOgGVjcr6R_fWCUB61nPYKMYE-%7C%7CNDHRnZ9Gz3KXlI-i9OnZqQ%3D%3D%7C5gDUJdTGiJzedmq9hanWYg%3D%3D%7CsRBSg3CPSiQ%3D%7COjVbOW8Tf3g-CplZAkej6TdhIxtl2cSDxLswSJyF8tOhmhTHfKtq3tSSRGJx8oZNRDPb2zu00Iib1TmyQrPxi9TNFi3u5KY4rjNeYlvCvgE%3D%7CN7fu2vKt8_s%3D%7C6XjEgZvD6IegM8CZU2HOoWN_wtQ6VcWD0fCHpYh_q3P0MbVePCjp1tWsMwV2S9MxgS-2I0UkvkrtnHAUgqULXI8HgiKnEQaBUqRO4ojguqrDAzRYQ-ZrxhmMbkHxa-S7R-bxCAQeNMTkrk4SBOizRK5aFASTj0bb0ApMExqClRaqH4-eDtdHHQ4gH1PRwb4kbOywGK-jl8RNvOs5WXPWNw%3D%3D%7C&hint=&td=&cc=CH&wsip=170721369&bca=0&ugd=4&vgd_chost=contextual.media.net&vgd_fcic=1&vgde_kbbh=fuoNufzNuN&vgde_setid=Nfu&&rc=0&ksu=207&fdkt=341&kwd[]=Send%20Large%20Files&kwt[]=341&kbc[]=im25680859&kwp[]=1&kid[]=25680859&kbc2[]=file%7C%7Cps%3D0.917%7C%7Crpc%3D0.15%7C%7Clvl%3D1.00&ktd[]=274911658240&kwd[]=Android%20APK%20Download&kwt[]=307&kbc[]=143282&kwp[]=2&kid[]=270141735&kbc2[]=0%7C%7Cactr%3D0.152%7C%7Cps%3D0.665%7C%7Crpc%3D0.04%7C%7Clvl%3D2.27&ktd[]=3573446476032&kwd[]=Free%20App%20Download&kwt[]=266&kbc[]=250087&kwp[]=3&kid[]=216358784&kbc2[]=2%7C%7Cps%3D0.711%7C%7Crpc%3D0.06%7C%7Clvl%3D3.77&ktd[]=565423888269568&kwd[]=Video%20Chat%20Apps&kwt[]=266&kbc[]=250088&kwp[]=4&kid[]=29927777&kbc2[]=2%7C%7Cps%3D0.711%7C%7Crpc%3D0.23%7C%7Clvl%3D1.17&ktd[]=565423871492352&kwd[]=Top%20iOS%20Apps&kwt[]=266&kbc[]=250088&kwp[]=5&kid[]=321230315&kbc2[]=2%7C%7Cps%3D0.711%7C%7Crpc%3D0.11%7C%7Clvl%3D1.00&ktd[]=565423888269568&rand=1613569163658&cid=8CU5BD6EW&vwid=1613569161750383501&vi=1613569161750383501&l3ch=0&slnkp=no&tdAdd[]=ib=0&vgd_uspa=0&vgd_sc=ZH&vgd_l1rakh=1613569161187303028&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D1%7C%40%7Clsat%3D3&vgd_ifrmode=00&sttm=1613569162288&upk=1613569162.20718&hvsid=00001613569162288031140535631150&verid=3121199&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1%26asn%3D9009&vgd_isiolc=1&npgv=1&pid=8PO5M70HK&katen=1&pc=100&matm=1613569163662&vgd_ltime=1375&vgd_ltimesrc=2&abpl=2&tdAdd[]=nw%3DNone&tdAdd[]=nwType%3DNone&tdAdd[]=asnum%3D9009&tdAdd[]=proxy%3DNone&tdAdd[]=comp%3DNone&vgd_l3_sc=ZH&vgd_l2ch=0&vgd_l1ch=1&vgd_katbid=-2&vgd_kals=base%7C%7Cpc%3D100&vgd_kasts=tstype%3D-10401%7C%7Cgbid%3D-2&vgd_altbql=sb&vgd_pdtid=1&vgd_implt=3&vgd_sbSup=1&vgd_l2wsip=170721388&vgd_nrrsf=nrr&vgd_nrrv=67478&vgd_nrrs=67478&vgd_nrrmf=4a&vgd_cntrdt=AS%7CDIV-184323154%7CDIV&vgd_x_pos=980&vgd_y_pos=413&vgd_ren_page_h=4139&vgd_cty=ZURICH&vgd_l1hcsd=N4%7C1131&vgd_sethcsd=A31%7C1141&vgd_cfud=200205&vgd_is_amp=0&vgd_icat=-1&vgd_spcat=-1&vgd_optout=0&vgd_ect=4g&vgd_rensize=300_250&vgd_scr_h=1200&vgd_scr_w=1600&vgd_l1rpth=%2Fdmedianet.js&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&oRurl=http%3A%2F%2Fcdn3gor%2Fmediamain.html%3F%26nb%3D1%26settings%3D1%26%26cc%3DCH%26isOffice%3D0%26fvips%3D0%26vi%3D1613569161750383501%26lw%3D1%26esi%3D1%26size%3D300x250%26crid%3D184323154%26vpf%3D000%26cid%3D8CU5BD6EW%26ugd%3D4%26chost%3Dcontextual.media.net%26vif%3D1%26blacpfl%3D1%26https%3D1%26blapd%3D0%26nse%3D6%26baeFlag%3D0%26cpcd%3DRlAcVccC-RdUYIl-LjF9ag%253d%253d%26nb%3D1%26gdpr%3D0%26cb%3Dwindow._mNDetails.initAd%26pid%3D8PO5M70HK%26requrl%3Dhttps%253a%252f%252fsecurityaffairs.co%252fwordpress%252f114636%252fmobile-2%252fshareit-app-flaw.html%26%26katen%3D1%26katbid%3D-2&tdAdd[]=uiparams%3D%3Brend_w%3A300%3Brend_h%3A250%3Bwin_w%3A1600%3Bwin_h%3A1200%3Bkwd_scnt%3A5&vgd_end=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV67478.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Wed, 17 Feb 2021 13:39:23 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Wed, 17 Feb 2021 13:39:23 GMT

POST
H2 200 log
navvy.media.net/ Frame E0E4 807 B
997 B 634ms
369ms Other
image/gif 52.52.52.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://navvy.media.net/log
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/4a/nrrV67478.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.52.52.5 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-52-52-5.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.7.v20170914) /
Resource Hash: 0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
server: Jetty(9.4.7.v20170914)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache,no-store
content-length: 807
expires: Wed, 17 Feb 2021 13:39:24 GMT

GET
H3-Q050 200 show_ads_impl_exp_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210211/r20190131/ Frame D599 227 KB
86 KB 62ms
45ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210211/r20190131/show_ads_impl_exp_fy2019.js?bust=exp%3D21066652

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ab0341f68cc06548e5b65a9660bf17584dd7a03bc68edf26a41a560789d1a84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://securityaffairs.co
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 87060
x-xss-protection: 0
server: cafe
etag: 14406113461772004968
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 17 Feb 2021 13:39:23 GMT

POST
H/1.1 200
OK demo_track.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame 4A16 36 B
615 B 357ms
121ms XHR
text/html 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.php
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v719
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e70696531ebef4e25c157f95ad6730a529ac4df922aa285b3d6e9236007e8820

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:24 GMT
Content-Encoding: gzip
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Fri, 19 Feb 2021 13:39:24 GMT

GET
H3-Q050 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210211/r20190131/ Frame 84E6 227 KB
85 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210211/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5fee2a3e4db0a9b907550346569920e7ea79a4b855260d5c9d063aebd408ce52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 87061
x-xss-protection: 0
server: cafe
etag: 9039926254773515089
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 17 Feb 2021 13:39:23 GMT

POST
H/1.1 200
OK demo_track.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame 1D1D 36 B
615 B 364ms
122ms XHR
text/html 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.php
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v330
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e70696531ebef4e25c157f95ad6730a529ac4df922aa285b3d6e9236007e8820

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:24 GMT
Content-Encoding: gzip
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Fri, 19 Feb 2021 13:39:24 GMT

GET
H3-Q050 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 58D3 208 B
623 B 105ms
67ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210211/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&amaexp=1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

d31ccd909ed7bd9e9d5ab0b9be58d3190c6d02bf4c0af9cdae18b05470ebf3ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 196
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame 58D3 109 B
150 B 29ms
28ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 17 Feb 2021 13:39:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame 58D3 109 B
127 B 29ms
28ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 17 Feb 2021 13:39:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DA45 74 KB
24 KB 544ms
543ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492128&pi=t.ma~as.1139220782&w=320&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163518&bpp=23&bdt=292&idt=310&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=2&ga_vid=1723523192.1613569164&ga_sid=1613569164&ga_hid=590709438&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1798819538&scr_x=0&scr_y=0&eid=44736623%2C21068109%2C21068495%2C21068769%2C21068893&oid=3&pvsid=1620580691959385&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.hthzlhm2xcw&fsb=1&xpc=EVWxheMNe0&p=https%3A//securityaffairs.co&dtd=335

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dbdabb5b5784d0233f584f2289c1c833a32ba90e5af95bee845537c578b7a9b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492128&pi=t.ma~as.1139220782&w=320&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163518&bpp=23&bdt=292&idt=310&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=2&ga_vid=1723523192.1613569164&ga_sid=1613569164&ga_hid=590709438&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1798819538&scr_x=0&scr_y=0&eid=44736623%2C21068109%2C21068495%2C21068769%2C21068893&oid=3&pvsid=1620580691959385&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.hthzlhm2xcw&fsb=1&xpc=EVWxheMNe0&p=https%3A//securityaffairs.co&dtd=335
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 17 Feb 2021 13:39:24 GMT
server: cafe
content-length: 24305
x-xss-protection: 0
set-cookie: IDE=AHWqTUl8OL2VJhxfFkqEjahGf3fAy4-Pv4u3mW-HeDCOJF99qNihkbelK1YMvb1p; expires=Mon, 14-Mar-2022 13:39:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Wed, 17 Feb 2021 13:39:24 GMT
cache-control: private

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 58D3 74 KB
28 KB 72ms
55ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1082b879cd43a0dec9ab3cc9ae2ddad7426c64e73fed45067c89afcac5bdd227

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1613161064837431"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28346
x-xss-protection: 0
expires: Wed, 17 Feb 2021 13:39:23 GMT

POST
H/1.1 200
OK demo_track.php Show response
served-by.pixfuture.com/www/headerbid/library/tracking/ Frame 59BB 36 B
615 B 312ms
130ms XHR
text/html 68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.php
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/headerbid/library/tracking/demo_track.js?v318
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e70696531ebef4e25c157f95ad6730a529ac4df922aa285b3d6e9236007e8820

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:24 GMT
Content-Encoding: gzip
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Fri, 19 Feb 2021 13:39:24 GMT

GET
H3-Q050 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame D599 208 B
225 B 60ms
60ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210211/r20190131/show_ads_impl_exp_fy2019.js?bust=exp%3D21066652

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

8131f5be1c9e7baf874e18616ffea1f98724a4beed116b60a666997a027a5fc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 198
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame D599 109 B
127 B 28ms
28ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210211/r20190131/show_ads_impl_exp_fy2019.js?bust=exp%3D21066652

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 17 Feb 2021 13:39:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame D599 109 B
127 B 28ms
28ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210211/r20190131/show_ads_impl_exp_fy2019.js?bust=exp%3D21066652

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 17 Feb 2021 13:39:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D242 57 KB
15 KB 465ms
464ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210211/r20190131/show_ads_impl_exp_fy2019.js?bust=exp%3D21066652

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ab5eded321899e4ea1bdb0b088651758420390ee6f8e6d1e3e2a6af4495f3be0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 17 Feb 2021 13:39:24 GMT
server: cafe
content-length: 15208
x-xss-protection: 0
set-cookie: IDE=AHWqTUn51V0UNVcgl3Z05_eXWLe4Is8BOdcwOyN25FrNCfyCQlCI6K-__x7wl-2Kids; expires=Mon, 14-Mar-2022 13:39:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Wed, 17 Feb 2021 13:39:24 GMT
cache-control: private

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame D599 74 KB
28 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210211/r20190131/show_ads_impl_exp_fy2019.js?bust=exp%3D21066652

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1082b879cd43a0dec9ab3cc9ae2ddad7426c64e73fed45067c89afcac5bdd227

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1613161064837431"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28346
x-xss-protection: 0
expires: Wed, 17 Feb 2021 13:39:23 GMT

GET
H3-Q050 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 84E6 208 B
247 B 64ms
63ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=securityaffairs.co&callback=_gfp_s_&client=ca-pub-1575911585432548

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

95adfb11fab85fa32174133e3a3a76cafe33cf146f19ed02cca1d20c65469fbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 197
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ Frame 84E6 109 B
150 B 28ms
27ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 17 Feb 2021 13:39:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ Frame 84E6 109 B
127 B 28ms
28ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=securityaffairs.co

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 17 Feb 2021 13:39:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H/1.1

200
OK

afr.php Show response
served-by.pixfuture.com/www/delivery/ Frame A6B9
Redirect Chain

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=250&slotname=1680648786&adk=1022037533&adf=1357492129&pi=t.ma~as.1680648786&w=300&ur...
https://served-by.pixfuture.com/www/delivery/afr.php?zoneid=5529

617 B
1019 B

141ms
141ms

Document
text/html

68.183.31.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://served-by.pixfuture.com/www/delivery/afr.php?zoneid=5529
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210211/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1575911585432548&plah=securityaffairs.co&amaexp=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.183.31.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 76d35c700a1d819d2ab5bdeeaa17c7e4a2291f5ca1bdfafa6398e8bd49ad943a

Request headers

Host: served-by.pixfuture.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Response headers

Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 17 Feb 2021 13:39:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=172800 public, no-transform
Pragma: no-cache
Expires: Fri, 19 Feb 2021 13:39:24 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Encoding: gzip

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://served-by.pixfuture.com/www/delivery/afr.php?zoneid=5529
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 17 Feb 2021 13:39:24 GMT
server: cafe
content-length: 46
x-xss-protection: 0
set-cookie: IDE=AHWqTUmZEt7rnhtXQYRkeL2oOY8IS87mRSGxxo2eDxEhtJ3IXtemrrq4Zjl8bfmh; expires=Mon, 14-Mar-2022 13:39:24 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 84E6 74 KB
28 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1082b879cd43a0dec9ab3cc9ae2ddad7426c64e73fed45067c89afcac5bdd227

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1613161064837431"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28346
x-xss-protection: 0
expires: Wed, 17 Feb 2021 13:39:24 GMT

GET
H2 451 envelope Show response
api.rlcdn.com/api/identity/ Frame 4A16 0
222 B 89ms
35ms XHR
text/plain 34.120.207.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.rlcdn.com/api/identity/envelope?pid=1258
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.207.148 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 148.207.120.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 17 Feb 2021 13:39:24 GMT
via: 1.1 google
alt-svc: clear
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://securityaffairs.co
access-control-allow-credentials: true
access-control-allow-headers: Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
content-length: 0

GET
H2 200 rid Show response
match.adsrvr.org/track/ Frame 4A16 109 B
543 B 148ms
48ms XHR
application/json 52.51.224.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.51.224.103 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-51-224-103.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: c5b30f7a4c85ed6d75e7f4d7449536702e420e9947555394f8e1a4885e48854c

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 17 Feb 2021 13:39:24 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Fri, 19 Mar 2021 13:39:24 GMT

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame D8C3 37 KB
14 KB 106ms
47ms Document
text/html 23.218.208.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.200 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-200.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=85724
Expires: Thu, 18 Feb 2021 13:28:08 GMT
Date: Wed, 17 Feb 2021 13:39:24 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame D169 52 KB
17 KB 96ms
36ms Document
text/html 23.218.208.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-187.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: icu=ChgI3sJXEAoYAiACKAIwi7m0gQY4AkACSAIQi7m0gQYYAQ..; uuid2=910849219510724670
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Thu, 18 Feb 2021 13:39:26 GMT
Date: Wed, 17 Feb 2021 13:39:24 GMT
Connection: keep-alive

GET
H2 200 pd Show response
eu-u.openx.net/w/1.0/ Frame BD0B 668 B
731 B 49ms
46ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 9a302e816f0c0489121fd6dd9c5de689d8cbb0e88300f81eaf7af2aa6320e61e

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=27e472a2-84cb-4def-b952-8a3d1861a2ee|1613569162
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=27e472a2-84cb-4def-b952-8a3d1861a2ee|1613569162; Version=1; Expires=Thu, 17-Feb-2022 13:39:24 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1613569164|gekin0vNiygu; Version=1; Expires=Thu, 04-Mar-2021 13:39:24 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.202.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Wed, 17 Feb 2021 13:39:24 GMT
content-type: text/html
content-length: 419
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 4A16
Redirect Chain

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4299626249
https://sync.1rx.io/usersync/tradedesk/25cdaedb-1c69-42ce-aa53-86f520887a6e
https://sync.targeting.unrulymedia.com/csync/RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Drhythmxchange%26nuid%3DRX-d33d2476-2f1e-4b2d-bf19-669...
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003

49 B
934 B

6848ms
43ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Wed, 17 Feb 2021 13:39:24 GMT
Server: Tengine
ETag: RXd33d24762f1e4b2dbf19669dcba4c78d003
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003
Connection: keep-alive
Content-Type: text/html

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 4A16
Redirect Chain

https://x.bidswitch.net/sync?ssp=sonobi
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05&google_hm=ZGUzOGJjOTMtNDZhZC00YjRlLTkxZjQtZTMzZjlmZTZmYzA1
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEJJNaHg31_FqkQzixY6LYgg&google_cver=1&ssp=sonobi&bsw_param=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05

49 B
931 B

7137ms
41ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: //sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05
date: Wed, 17 Feb 2021 13:39:24 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 4A16
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent=
https://sync.go.sonobi.com/us.gif?nw=td&nuid=25cdaedb-1c69-42ce-aa53-86f520887a6e&pubid=0b24fdfc82

49 B
927 B

7223ms
43ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=td&nuid=25cdaedb-1c69-42ce-aa53-86f520887a6e&pubid=0b24fdfc82

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.go.sonobi.com/us.gif?nw=td&nuid=25cdaedb-1c69-42ce-aa53-86f520887a6e&pubid=0b24fdfc82
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 227

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 4A16
Redirect Chain

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e206602d-1c8c-4800-aac6-ee0a474da9ca

49 B
931 B

7418ms
40ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e206602d-1c8c-4800-aac6-ee0a474da9ca

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Wed, 17 Feb 2021 13:39:27 GMT
Server: MT3 3518 2f03077 master zrh-pixel-x29
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e206602d-1c8c-4800-aac6-ee0a474da9ca
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 17 Feb 2021 13:39:26 GMT

GET
H/1.1

200
OK

usg.gif
sync.go.sonobi.com/ Frame 4A16
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=YTgwODMwNTAtOTg0NC00MGE1LWJmZjgtNjRkZjkzNTZjZGE3
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEGxjy0B9hULZMH8qfu-CqT4&google_cver=1

49 B
925 B

7418ms
40ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usg.gif?google_gid=CAESEGxjy0B9hULZMH8qfu-CqT4&google_cver=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.go.sonobi.com/usg.gif?google_gid=CAESEGxjy0B9hULZMH8qfu-CqT4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 4A16
Redirect Chain

https://p.rfihub.com/cm?pub=35683&in=1
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1870471592605931821

49 B
914 B

7136ms
40ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1870471592605931821

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1870471592605931821
Server: Jetty(9.0.6.v20130930)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 4A16
Redirect Chain

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=a8083050-9844-40a5-bff8-64df9356cda7&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=elhxODhYdnlaSHJSbE1DckY5d0NFQQ&gdpr=&gdpr_consent=
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESENfQn20TTtCSQ7E5g5mkGNM&google_cver=1
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=XQYJ3vW0TQDK

49 B
907 B

6065ms
40ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=pp&nuid=XQYJ3vW0TQDK

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://sync.go.sonobi.com/us.gif?nw=pp&nuid=XQYJ3vW0TQDK
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-75d6d6d469-7llqw
expires: -1

GET
H2 200 rid Show response
match.adsrvr.org/track/ Frame 1D1D 108 B
647 B 49ms
48ms XHR
application/json 52.51.224.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.51.224.103 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-51-224-103.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 2d062987c5e35e10a1727dd6f6979633c845bcead5b032119594a1563e4c4c53

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 17 Feb 2021 13:39:24 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 108
expires: Fri, 19 Mar 2021 13:39:24 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 1D1D
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent=
https://sync.go.sonobi.com/us.gif?nw=td&nuid=25cdaedb-1c69-42ce-aa53-86f520887a6e&pubid=0b24fdfc82

49 B
927 B

7222ms
42ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=td&nuid=25cdaedb-1c69-42ce-aa53-86f520887a6e&pubid=0b24fdfc82

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.go.sonobi.com/us.gif?nw=td&nuid=25cdaedb-1c69-42ce-aa53-86f520887a6e&pubid=0b24fdfc82
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 227

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 1D1D
Redirect Chain

https://x.bidswitch.net/sync?ssp=sonobi
https://p.rfihub.com/cm?in=1&pub=20513&ssp=sonobi
https://x.bidswitch.net/sync?dsp_id=119&user_id=875739024248918103&expires=30&ssp=sonobi
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05

49 B
931 B

6878ms
40ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: //sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05
date: Wed, 17 Feb 2021 13:39:24 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 1D1D
Redirect Chain

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e206602d-1c8c-4800-aac6-ee0a474da9ca

49 B
927 B

7225ms
40ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e206602d-1c8c-4800-aac6-ee0a474da9ca

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Wed, 17 Feb 2021 13:39:27 GMT
Server: MT3 3518 2f03077 master zrh-pixel-x8
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e206602d-1c8c-4800-aac6-ee0a474da9ca
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 17 Feb 2021 13:39:26 GMT

GET
H/1.1

200
OK

RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003
sync.targeting.unrulymedia.com/csync/ Frame 1D1D
Redirect Chain

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1111807461
https://sync.1rx.io/usersync/tradedesk/25cdaedb-1c69-42ce-aa53-86f520887a6e
https://sync.targeting.unrulymedia.com/csync/RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003

43 B
452 B

51ms
46ms

Image
image/gif

213.19.147.151
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.targeting.unrulymedia.com/csync/RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 213.19.147.151 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 13:39:24 GMT
Server: Tengine
Connection: keep-alive
Content-Length: 43
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:24 GMT
Server: Tengine
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://sync.targeting.unrulymedia.com/csync/RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Expires: 0

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 1D1D
Redirect Chain

https://p.rfihub.com/cm?pub=35683&in=1
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1870471592605931847

49 B
910 B

7137ms
40ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1870471592605931847

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1870471592605931847
Server: Jetty(9.0.6.v20130930)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

usg.gif
sync.go.sonobi.com/ Frame 1D1D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=YTgwODMwNTAtOTg0NC00MGE1LWJmZjgtNjRkZjkzNTZjZGE3
https://sync.go.sonobi.com/usg.gif?google_gid=CAESECSNJ8OYQWXOaZ4AuU56TMQ&google_cver=1

49 B
925 B

7230ms
42ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usg.gif?google_gid=CAESECSNJ8OYQWXOaZ4AuU56TMQ&google_cver=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.go.sonobi.com/usg.gif?google_gid=CAESECSNJ8OYQWXOaZ4AuU56TMQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rtset
bh.contextweb.com/bh/ Frame 1D1D
Redirect Chain

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=a8083050-9844-40a5-bff8-64df9356cda7&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=WnhfT1JsMWVMOHB5cnpSMG0wa2NSZw&gdpr=&gdpr_consent=
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESENfQn20TTtCSQ7E5g5mkGNM&google_cver=1

49 B
678 B

124ms
123ms

Image
image/gif

198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESENfQn20TTtCSQ7E5g5mkGNM&google_cver=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-75d6d6d469-7llqw
expires: -1

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESENfQn20TTtCSQ7E5g5mkGNM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 91AE 37 KB
14 KB 35ms
34ms Document
text/html 23.218.208.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.200 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-200.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=85724
Expires: Thu, 18 Feb 2021 13:28:08 GMT
Date: Wed, 17 Feb 2021 13:39:24 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame F989 52 KB
17 KB 37ms
36ms Document
text/html 23.218.208.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-187.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: icu=ChgI3sJXEAoYAiACKAIwi7m0gQY4AkACSAIQi7m0gQYYAQ..; uuid2=910849219510724670
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Thu, 18 Feb 2021 13:39:26 GMT
Date: Wed, 17 Feb 2021 13:39:24 GMT
Connection: keep-alive

GET
H2 200 pd Show response
eu-u.openx.net/w/1.0/ Frame AB86 498 B
629 B 44ms
42ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: f972ddd1b395375286ef790a1131480af9cae110ecf776dc496370c8b0d364d3

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=27e472a2-84cb-4def-b952-8a3d1861a2ee|1613569162; pd=v2|1613569164|gekin0vNiygu
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=27e472a2-84cb-4def-b952-8a3d1861a2ee|1613569162; Version=1; Expires=Thu, 17-Feb-2022 13:39:24 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1613569164|mWkigqiysLommOgevNgunsn0; Version=1; Expires=Thu, 04-Mar-2021 13:39:24 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.202.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Wed, 17 Feb 2021 13:39:24 GMT
content-type: text/html
content-length: 316
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H2 200 ptmd
dt.clnmde.com/ 70 B
330 B 123ms
122ms Image
image/gif 100.24.200.179
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.clnmde.com/ptmd?t=16135691624413246214969_N4Ig1ghiBcIBwCMDMBGAbCgnABgLQHYUAmAVlxRQFMFc4UAWTXIgExxYQUwRZJZAA04BDBRCAxgDcYIYAB0QAZ0qLFASwD2AOwD6igC4aAThADmlBdAWJUGHAWJkK1Wgyat2nbrxYKAvoIgpvoAZjAA2tgCUWJRcQC6QsGKEXHR6QlCBinQkRnpsYkglOL6ALYycCREgZQAHjLYgYriGjLoKEgkaJjoRDqYdpj0hCRw+EjNrWHQYkqt+u0YXT19A0MjKGMTOohE2OMIKNhE4piUSJQkISGULCjiDPhwd4jPUxqholkL-LAdK16aH6gyww1G4yQOiIEBQ+BCCGwWBCEDgcGwSBC4nE+DQEHoSHw4jQLyIRC6H30LBmc0okEqyA69kIpHIVBocCIt1wfDQSFQRGQPXwtTAIlmEkkOVkCmUqk0ugMxjMFhg1kZdjwLKc7NoXMoPJYfIFQsw+H8gTKAE8IuExEg0PgBHBegIyfQxERGChEuEiAIHU6XZ7GHA3fh6HBfUgBJh0QJiPGPTG0HzffRY-HE1F8OTYxN4kUAO4ARwiRWtRnLEjK4nFIBQcAJ5K29EC4iMZQADhEG8tukDOgx6ER0egdGUIGpdChAgCBx1cfh8Nh6Ix6BOp7oakJ56sMPgSBi4F0kZvpzpJrv+-uGCQkJGtlVz7o20UIAAbRa5NKZJRtaAMxANRpGgf0lH0CB9AAVxycJMDdGMkIDFCsCKAAvKAJRALtTBkaQhEoLRQJwwJTAACyWToF2BNdOi9YE3B6QJ9GlBgiDjbAI2BEgxkCKUZDQAA6bAhKQOhAk-GAYxALEYHIQj9DUUQbyBcCDDw6AoiUMAqMBNZQUwcEnwmWo1B7f4qiErZhLhEhrPGWpoKwuZoOUrTCMkD8IlALQIDKSgZAQNQWBYSgjB0ELAhYKCsNAYLQvCyK-i0aCPw-IRJDUZK9Jouzj1PWc-D8ARfP8wLYASsKIqioQYsgmB4pC6qcugVL0sy7Kov+VSOnoe9HzGEgQGK0qQD8gKguapLapAeq4pAKqZpStKMpALLWr7ajbyXFc12GEaSrKybKummr+Dq2LGsWs7WvataNu6rb9OWYdRyRNBDqKRQPwMXL9y9CkhA-GlOs2vdB1QNd3vQdtYP0Ta4AAYQAVRIAAhAARNAAFEAHUyPEFTtqBfrMBkksKrmEJ3OwPwgA
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 100.24.200.179 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-24-200-179.compute-1.amazonaws.com
Software: / Express
Resource Hash: c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 17 Feb 2021 13:39:25 GMT
x-powered-by: Express
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: image/gif

GET
H2 200 bqi.php
lg3.media.net/ 15 B
15 B 31ms
31ms Image
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO5M70HK&vgd_viab=1&kals=base%7C%7Cpc%3D100&katen=1&pc=100&kata=at2&katbid=-2&kasts=tstype%3D-10401%7C%7Cgbid%3D-2&cme=2YQZB0YOkGnw7L-cGkVlaKuGdDX1ggO8DKkZkfySgQkkbFbpboLGq9VQi0oL2B1v0lOizCeGRYKNx0kr104Db97LFqYcthxbw8xzM2ffyL7si2TApls45qguGCPpqBLVsPfPodZKCrBCSkQ3mPj7n8JgU0KvLmkIWKG_XLAG2Woz9LL5VobIMfDLqkmU-M3fbWaOEmLOgGVjcr6R_fWCUB61nPYKMYE-||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|sRBSg3CPSiQ=|OjVbOW8Tf3g-CplZAkej6TdhIxtl2cSDxLswSJyF8tOhmhTHfKtq3tSSRGJx8oZNRDPb2zu00Iib1TmyQrPxi9TNFi3u5KY4rjNeYlvCvgE=|N7fu2vKt8_s=|6XjEgZvD6IegM8CZU2HOoWN_wtQ6VcWD0fCHpYh_q3P0MbVePCjp1tWsMwV2S9MxgS-2I0UkvkrtnHAUgqULXI8HgiKnEQaBUqRO4ojguqrDAzRYQ-ZrxhmMbkHxa-S7R-bxCAQeNMTkrk4SBOizRK5aFASTj0bb0ApMExqClRaqH4-eDtdHHQ4gH1PRwb4kbOywGK-jl8RNvOs5WXPWNw==|&gdpr=0&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=184323154&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&vi=1613569161750383501&ugd=4&cc=CH&sc=ZH&startTime=1613569162287&l2type=setting&vgd_l1rakh=1613569161187303028&l1ch=1&sttm=1613569162288&upk=1613569162.20718&hvsid=00001613569162288031140535631150&verid=3121199&vgd_sc=ZH&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D1%7C%40%7Clsat%3D3&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!N4|1131&vgd_uspa=0&vgd_isiolc=1&npgv=1&clp=%7B%7D&l2ch=0&l2wsip=170721388&sethcsd=set!A31%7C1141

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Wed, 17 Feb 2021 13:39:25 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Wed, 17 Feb 2021 13:39:25 GMT

GET
H2 200 bqi.php
lg3.media.net/ 15 B
15 B 30ms
30ms Image
text/javascript 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bqi.php?lf=3&&vgd_l2type=setting&pid=8PO5M70HK&vgd_viab=1&kals=base%7C%7Cpc%3D100&katen=1&pc=100&kata=at2&katbid=-2&kasts=tstype%3D-10401%7C%7Cgbid%3D-2&cme=lP9xlqPHnqemNqp8OwGnciwrQH63C8TrpP-z6LqZZO4Yr6zGZCoPdWu5Q206ApACca05KNUn0WUiUhXbZb26QyRVJrWe5pCLf-kajGLj_hN1RA33EYVGT3ZRHA-jRSIxi8klLsaxLExXHeLk1ofySoqEAhPqIFGkxVtfoL-dYVdPN2urZSBWBzW59gj4KdYlTBe7ranP51SJlUV92M-nrBpyR4Et9WZF||NDHRnZ9Gz3KXlI-i9OnZqQ==|5gDUJdTGiJzedmq9hanWYg==|sRBSg3CPSiQ=|OjVbOW8Tf3g-CplZAkej6TdhIxtl2cSDxLswSJyF8tOhmhTHfKtq3tSSRGJx8oZNRDPb2zu00Iib1TmyQrPxi9TNFi3u5KY4rjNeYlvCvgE=|N7fu2vKt8_s=|Sd5Ea-Bg2COKL7NYDzOdvStoAeOH3ZIJ8MP0_M-z5ZMbLkqOJzX8C-5lcLuxPz8PqeMFSJtFWiQeIL_g5FYRbH9QR_ywiEFhiSMMJP0Y4P-MfeH2nxGRb5iB-HAk2BPHMo7ByIyVNQjsaFiYNKLqxuSpxxpv5EkssK91tb-Z4BPO1TNMP_eVIvNiSyS9QVvFGfAMqYTMDOmZTKJktCyAig==|&gdpr=0&prid=8PRHGG6T9&cid=8CU5BD6EW&crid=647633027&requrl=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&vi=1613569161453481585&ugd=4&cc=CH&sc=ZH&startTime=1613569162293&l2type=setting&vgd_l1rakh=1613569161187303028&l1ch=1&sttm=1613569162295&upk=1613569162.20718&hvsid=00001613569162295031140535633203&verid=3121199&vgd_sc=ZH&tdAdd[]=%7C%40%7Csde%3D1%7C%40%7Cadepth%3D1%7C%40%7Cddepth%3D1%7C%40%7Cfsap%3D1%7C%40%7Clsat%3D3&kbbq=%26sde%3D1%26adepth%3D1%26ddepth%3D1&l1hcsd=l1!N4|1131&vgd_uspa=0&vgd_isiolc=1&npgv=1&clp=%7B%7D&l2ch=0&l2wsip=170721369&sethcsd=set!A31%7C1141

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
server: Apache
date: Wed, 17 Feb 2021 13:39:26 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
cache-control: max-age=0, no-cache, no-store
content-length: 15
expires: Wed, 17 Feb 2021 13:39:26 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame DA45 3 KB
681 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492128&pi=t.ma~as.1139220782&w=320&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163518&bpp=23&bdt=292&idt=310&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=2&ga_vid=1723523192.1613569164&ga_sid=1613569164&ga_hid=590709438&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1798819538&scr_x=0&scr_y=0&eid=44736623%2C21068109%2C21068495%2C21068769%2C21068893&oid=3&pvsid=1620580691959385&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.hthzlhm2xcw&fsb=1&xpc=EVWxheMNe0&p=https%3A//securityaffairs.co&dtd=335

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c312c8dcff723c5dcea1f1fc9cc0de63d9c7f29783cc9a0a4a1239c7619b5c7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492128&pi=t.ma~as.1139220782&w=320&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163518&bpp=23&bdt=292&idt=310&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=2&ga_vid=1723523192.1613569164&ga_sid=1613569164&ga_hid=590709438&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1798819538&scr_x=0&scr_y=0&eid=44736623%2C21068109%2C21068495%2C21068769%2C21068893&oid=3&pvsid=1620580691959385&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.hthzlhm2xcw&fsb=1&xpc=EVWxheMNe0&p=https%3A//securityaffairs.co&dtd=335
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 12:22:50 GMT
server: ESF
date: Wed, 17 Feb 2021 13:39:24 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 13:39:24 GMT

GET
H2 200 rid Show response
match.adsrvr.org/track/ Frame 59BB 108 B
666 B 49ms
49ms XHR
application/json 52.51.224.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.51.224.103 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-51-224-103.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 2d062987c5e35e10a1727dd6f6979633c845bcead5b032119594a1563e4c4c53

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 17 Feb 2021 13:39:24 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securityaffairs.co
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 108
expires: Fri, 19 Mar 2021 13:39:24 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 59BB
Redirect Chain

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e206602d-1c8c-4800-aac6-ee0a474da9ca

49 B
927 B

5873ms
45ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e206602d-1c8c-4800-aac6-ee0a474da9ca

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Wed, 17 Feb 2021 13:39:29 GMT
Server: MT3 3518 2f03077 master zrh-pixel-x29
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=e206602d-1c8c-4800-aac6-ee0a474da9ca
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 17 Feb 2021 13:39:28 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 59BB
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=0b24fdfc82&gdpr=0&gdpr_consent=
https://sync.go.sonobi.com/us.gif?nw=td&nuid=25cdaedb-1c69-42ce-aa53-86f520887a6e&pubid=0b24fdfc82

49 B
927 B

7015ms
45ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=td&nuid=25cdaedb-1c69-42ce-aa53-86f520887a6e&pubid=0b24fdfc82

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://sync.go.sonobi.com/us.gif?nw=td&nuid=25cdaedb-1c69-42ce-aa53-86f520887a6e&pubid=0b24fdfc82
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 227

GET
H/1.1

200
OK

usg.gif
sync.go.sonobi.com/ Frame 59BB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=YTgwODMwNTAtOTg0NC00MGE1LWJmZjgtNjRkZjkzNTZjZGE3
https://sync.go.sonobi.com/usg.gif?google_gid=CAESECSNJ8OYQWXOaZ4AuU56TMQ&google_cver=1

49 B
921 B

7035ms
45ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usg.gif?google_gid=CAESECSNJ8OYQWXOaZ4AuU56TMQ&google_cver=1

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.go.sonobi.com/usg.gif?google_gid=CAESECSNJ8OYQWXOaZ4AuU56TMQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 59BB
Redirect Chain

https://sync.1rx.io/usersync2/sonobi&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=361812077
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=361812077
https://sync.1rx.io/usersync/tradedesk/68730136-77c8-4508-ba14-7a73f5852f12
https://sync.targeting.unrulymedia.com/csync/RX-dde3ab3a-abd6-4862-9305-cd7211674471-003?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Drhythmxchange%26nuid%3DRX-dde3ab3a-abd6-4862-9305-cd7...
https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-dde3ab3a-abd6-4862-9305-cd7211674471-003

49 B
938 B

42ms
42ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-dde3ab3a-abd6-4862-9305-cd7211674471-003

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:32 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Wed, 17 Feb 2021 13:39:32 GMT
Server: Tengine
ETag: RXdde3ab3aabd648629305cd7211674471003
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://sync.go.sonobi.com/us.gif?nw=rhythmxchange&nuid=RX-dde3ab3a-abd6-4862-9305-cd7211674471-003
Connection: keep-alive
Content-Type: text/html

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 59BB
Redirect Chain

https://x.bidswitch.net/sync?ssp=sonobi
https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=sonobi&bsw_user_id=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=sonobi&bsw_user_id=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05
https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=9133ac4c-aeb7-443a-a625-3bdbcb5917c9&ssp=sonobi
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05

49 B
927 B

6580ms
40ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: //sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05
date: Wed, 17 Feb 2021 13:39:25 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 59BB
Redirect Chain

https://p.rfihub.com/cm?pub=35683&in=1
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1875819617197096921

49 B
910 B

53ms
45ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1875819617197096921

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:31 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1875819617197096921
Server: Jetty(9.0.6.v20130930)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 59BB
Redirect Chain

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=a8083050-9844-40a5-bff8-64df9356cda7&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=N25kMzNZRkJxWkNET0M3WEx6X1hEZw&gdpr=&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm=&google_sc=&google_hm=N25kMzNZRkJxWkNET0M3WEx6X1hEZw&gdpr=&gdpr_consent=&google_tc=
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEKkq37br_NLBFh7jbtdWDaE&google_cver=1
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=CvmD10I4KqA5

49 B
907 B

42ms
42ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=pp&nuid=CvmD10I4KqA5

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:32 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://sync.go.sonobi.com/us.gif?nw=pp&nuid=CvmD10I4KqA5
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-75d6d6d469-s7j6x
expires: -1

GET
H2 200 pd Show response
eu-u.openx.net/w/1.0/ Frame E1C7 631 B
733 B 43ms
43ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: df00e5602e4ae67c3cbf309caadaf192ec397b9a60887e1e6bfa11fe21af1233

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=27e472a2-84cb-4def-b952-8a3d1861a2ee|1613569162; pd=v2|1613569164|mWkigqiysLommOgevNgunsn0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=27e472a2-84cb-4def-b952-8a3d1861a2ee|1613569162; Version=1; Expires=Thu, 17-Feb-2022 13:39:24 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1613569164|j8mWkifcsHqGgqiysLiSommOgevNgunsn0gi; Version=1; Expires=Thu, 04-Mar-2021 13:39:24 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.202.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Wed, 17 Feb 2021 13:39:24 GMT
content-type: text/html
content-length: 411
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 236B 52 KB
17 KB 35ms
35ms Document
text/html 23.218.208.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-187.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: icu=ChgI3sJXEAoYAiACKAIwi7m0gQY4AkACSAIQi7m0gQYYAQ..; uuid2=910849219510724670
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Thu, 18 Feb 2021 13:39:26 GMT
Date: Wed, 17 Feb 2021 13:39:24 GMT
Connection: keep-alive

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 8850 37 KB
14 KB 35ms
35ms Document
text/html 23.218.208.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: cdn.pixfuture.com
URL: https://cdn.pixfuture.com/prebid4.19.0.js?v=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.200 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-200.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=85724
Expires: Thu, 18 Feb 2021 13:28:08 GMT
Date: Wed, 17 Feb 2021 13:39:24 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame BD0B
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=e206602d-1c8c-4800-aac6-ee0a474da9ca

43 B
122 B

42ms
42ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=e206602d-1c8c-4800-aac6-ee0a474da9ca
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
via: 1.1 google
server: OXGW/16.202.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Wed, 17 Feb 2021 13:39:27 GMT
Server: MT3 3518 2f03077 master zrh-pixel-x31
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=e206602d-1c8c-4800-aac6-ee0a474da9ca
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 17 Feb 2021 13:39:26 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame BD0B
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=VlXGJVEGzCJNB8ZwUwDZcARXzCdNUcV1UFBrHy4L

43 B
106 B

47ms
43ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=VlXGJVEGzCJNB8ZwUwDZcARXzCdNUcV1UFBrHy4L
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
via: 1.1 google
server: OXGW/16.202.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=VlXGJVEGzCJNB8ZwUwDZcARXzCdNUcV1UFBrHy4L
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame BD0B
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=748800383688539734

43 B
106 B

42ms
41ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=748800383688539734
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
via: 1.1 google
server: OXGW/16.202.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=748800383688539734
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame BD0B 70 B
264 B 50ms
48ms Image
image/gif 52.51.224.103
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=f4484dfb-2d4c-7218-e384-42d57c469113&gdpr=0
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.51.224.103 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-51-224-103.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-Q050 200 pixel
cm.g.doubleclick.net/ Frame BD0B 170 B
201 B 20ms
18ms Image
image/png 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZDgyNzllMzEtZTQzYi0yY2JjLWY2NjQtMTg2Y2I2YTQ1Zjcz

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame BD0B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELgBZU1020YCjw1O1UQDr_Q&google_cver=1

43 B
106 B

45ms
43ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELgBZU1020YCjw1O1UQDr_Q&google_cver=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
via: 1.1 google
server: OXGW/16.202.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELgBZU1020YCjw1O1UQDr_Q&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame DA45 2 KB
1002 B 8ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e93f66cbe9b485135f0c8bbc9eaccf882ded6eb71daadde99a8426f6db7cb31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492128&pi=t.ma~as.1139220782&w=320&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163518&bpp=23&bdt=292&idt=310&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=2&ga_vid=1723523192.1613569164&ga_sid=1613569164&ga_hid=590709438&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1798819538&scr_x=0&scr_y=0&eid=44736623%2C21068109%2C21068495%2C21068769%2C21068893&oid=3&pvsid=1620580691959385&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.hthzlhm2xcw&fsb=1&xpc=EVWxheMNe0&p=https%3A//securityaffairs.co&dtd=335
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:34:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 278
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 896
x-xss-protection: 0
server: cafe
etag: 948078048762640732
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 03 Mar 2021 13:34:46 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/ Frame DA45 18 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4db6732268b3d9330df1068351b18e2fd1c1c6da87b5953259b022a19ddfe7a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492128&pi=t.ma~as.1139220782&w=320&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163518&bpp=23&bdt=292&idt=310&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=2&ga_vid=1723523192.1613569164&ga_sid=1613569164&ga_hid=590709438&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1798819538&scr_x=0&scr_y=0&eid=44736623%2C21068109%2C21068495%2C21068769%2C21068893&oid=3&pvsid=1620580691959385&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.hthzlhm2xcw&fsb=1&xpc=EVWxheMNe0&p=https%3A//securityaffairs.co&dtd=335
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:28:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 671
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7377
x-xss-protection: 0
server: cafe
etag: 10747045913157086108
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 03 Mar 2021 13:28:13 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame DA45 3 KB
2 KB 11ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492128&pi=t.ma~as.1139220782&w=320&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163518&bpp=23&bdt=292&idt=310&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=2&ga_vid=1723523192.1613569164&ga_sid=1613569164&ga_hid=590709438&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1798819538&scr_x=0&scr_y=0&eid=44736623%2C21068109%2C21068495%2C21068769%2C21068893&oid=3&pvsid=1620580691959385&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.hthzlhm2xcw&fsb=1&xpc=EVWxheMNe0&p=https%3A//securityaffairs.co&dtd=335
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:38:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 03 Mar 2021 13:38:22 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DA45 107 KB
33 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44f4c4b4880af1f974aae99eb91e9fd77179ddc4d35f959159740f149804bc1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492128&pi=t.ma~as.1139220782&w=320&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163518&bpp=23&bdt=292&idt=310&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=2&ga_vid=1723523192.1613569164&ga_sid=1613569164&ga_hid=590709438&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1798819538&scr_x=0&scr_y=0&eid=44736623%2C21068109%2C21068495%2C21068769%2C21068893&oid=3&pvsid=1620580691959385&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.hthzlhm2xcw&fsb=1&xpc=EVWxheMNe0&p=https%3A//securityaffairs.co&dtd=335
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1613161046593140"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33368
x-xss-protection: 0
expires: Wed, 17 Feb 2021 13:39:24 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame DA45 14 KB
6 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

718d8e9bf93740a3a90b67e53219319342074524b2dede8ba219eea4c41ea0c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492128&pi=t.ma~as.1139220782&w=320&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163518&bpp=23&bdt=292&idt=310&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=2&ga_vid=1723523192.1613569164&ga_sid=1613569164&ga_hid=590709438&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1798819538&scr_x=0&scr_y=0&eid=44736623%2C21068109%2C21068495%2C21068769%2C21068893&oid=3&pvsid=1620580691959385&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.hthzlhm2xcw&fsb=1&xpc=EVWxheMNe0&p=https%3A//securityaffairs.co&dtd=335
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:38:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6139
x-xss-protection: 0
server: cafe
etag: 15217341015479086142
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 03 Mar 2021 13:38:24 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame DA45 0
0 17ms
14ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSpzGLiQhxUlFF5mTbDYrKBNssJ_HLtslsTnS5ixP5ZzXXC9JlwHjebpLadBtRxP9qFUsFHLxI4v3WFIK4Z__ssxL32TQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492128&pi=t.ma~as.1139220782&w=320&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163518&bpp=23&bdt=292&idt=310&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=2&ga_vid=1723523192.1613569164&ga_sid=1613569164&ga_hid=590709438&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1798819538&scr_x=0&scr_y=0&eid=44736623%2C21068109%2C21068495%2C21068769%2C21068893&oid=3&pvsid=1620580691959385&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.hthzlhm2xcw&fsb=1&xpc=EVWxheMNe0&p=https%3A//securityaffairs.co&dtd=335
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492128&pi=t.ma~as.1139220782&w=320&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163518&bpp=23&bdt=292&idt=310&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=2&ga_vid=1723523192.1613569164&ga_sid=1613569164&ga_hid=590709438&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1798819538&scr_x=0&scr_y=0&eid=44736623%2C21068109%2C21068495%2C21068769%2C21068893&oid=3&pvsid=1620580691959385&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.hthzlhm2xcw&fsb=1&xpc=EVWxheMNe0&p=https%3A//securityaffairs.co&dtd=335
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 fa9f376fb382443f5f015f3a0c3dfed2.js Show response
www.gstatic.com/mysidia/ Frame DA45 25 KB
11 KB 37ms
21ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fa9f376fb382443f5f015f3a0c3dfed2.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b49b02fc1286f940cce0e398d850753f00338dbb321a51e2aadf996223c9c7e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492128&pi=t.ma~as.1139220782&w=320&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163518&bpp=23&bdt=292&idt=310&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=2&ga_vid=1723523192.1613569164&ga_sid=1613569164&ga_hid=590709438&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1798819538&scr_x=0&scr_y=0&eid=44736623%2C21068109%2C21068495%2C21068769%2C21068893&oid=3&pvsid=1620580691959385&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.hthzlhm2xcw&fsb=1&xpc=EVWxheMNe0&p=https%3A//securityaffairs.co&dtd=335
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Feb 2021 20:13:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 10 Feb 2021 19:48:57 GMT
server: sffe
age: 581171
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10802
x-xss-protection: 0
expires: Tue, 11 May 2021 20:13:13 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame D242 3 KB
1023 B 47ms
29ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c312c8dcff723c5dcea1f1fc9cc0de63d9c7f29783cc9a0a4a1239c7619b5c7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 13:31:00 GMT
server: ESF
date: Wed, 17 Feb 2021 13:39:24 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 13:39:24 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame D169 0
748 B 40ms
40ms Script
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/dmp/async_usersync.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:24 GMT
X-Proxy-Origin: 185.156.175.187; 185.156.175.187; 723.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.142:80
AN-X-Request-Uuid: a88f1246-19c8-486c-9d44-c3b4e01cea45
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK PugMaster Show response
image6.pubmatic.com/AdServer/ Frame D8C3 8 KB
9 KB 41ms
40ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=48432970&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 1f72d586e08cf0211885038022fee9653914d76946be20b81828ff09d8206b3b

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 13:39:22 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame D242 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e93f66cbe9b485135f0c8bbc9eaccf882ded6eb71daadde99a8426f6db7cb31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 12:46:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3160
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 896
x-xss-protection: 0
server: cafe
etag: 948078048762640732
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 03 Mar 2021 12:46:44 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/ Frame D242 18 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4db6732268b3d9330df1068351b18e2fd1c1c6da87b5953259b022a19ddfe7a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:11:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1647
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7377
x-xss-protection: 0
server: cafe
etag: 10747045913157086108
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 03 Mar 2021 13:11:57 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame D242 3 KB
2 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:15:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1423
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 03 Mar 2021 13:15:41 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D242 107 KB
33 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44f4c4b4880af1f974aae99eb91e9fd77179ddc4d35f959159740f149804bc1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1613161046593140"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33368
x-xss-protection: 0
expires: Wed, 17 Feb 2021 13:39:24 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame D242 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

718d8e9bf93740a3a90b67e53219319342074524b2dede8ba219eea4c41ea0c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 12:50:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2919
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6139
x-xss-protection: 0
server: cafe
etag: 15217341015479086142
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 03 Mar 2021 12:50:45 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame D242 0
0 14ms
13ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTvTi6kmqt6vIIhmL05OqxJwrebumhuvZNlWcwffRlBX-4MVma4XTCiUtjiC_4AKLRDEjm6VZrLrYk8Ul2zXzg6NdzGWA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 fa9f376fb382443f5f015f3a0c3dfed2.js Show response
www.gstatic.com/mysidia/ Frame D242 25 KB
11 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fa9f376fb382443f5f015f3a0c3dfed2.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b49b02fc1286f940cce0e398d850753f00338dbb321a51e2aadf996223c9c7e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Feb 2021 20:13:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 10 Feb 2021 19:48:57 GMT
server: sffe
age: 581171
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10802
x-xss-protection: 0
expires: Tue, 11 May 2021 20:13:13 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/9578823326677890281/ Frame D242 677 B
841 B 7ms
6ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9578823326677890281/downsize_200k_v1?w=100&h=100

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d8c61b7b46c4d214451eb2ff48a6c9d17ef2b6786077a65dc0c6ea2542c24b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 04:38:44 GMT
x-content-type-options: nosniff
age: 464440
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 677
x-xss-protection: 0
last-modified: Mon, 19 Nov 2018 20:40:05 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Feb 2022 04:38:44 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame F989 0
748 B 39ms
38ms Script
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/dmp/async_usersync.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:24 GMT
X-Proxy-Origin: 185.156.175.187; 185.156.175.187; 723.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.132:80
AN-X-Request-Uuid: 9cfc2356-bdd4-4e23-be49-19b57a2c3775
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame AB86
Redirect Chain

https://ad.turn.com/r/cs?pid=9&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537073061&val=4166112801591774730&gdpr=0&gdpr_consent=&us_privacy=

43 B
106 B

40ms
40ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537073061&val=4166112801591774730&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
via: 1.1 google
server: OXGW/16.202.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537073061&val=4166112801591774730&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

dds
rtb.openx.net/sync/ Frame AB86
Redirect Chain

https://rtb.openx.net/sync/dds
https://cm.g.doubleclick.net/pixel?google_nid=open&google_hm=Kx7Hx4TKyzYF8A5ir1-rqQ==&ox_sc=1&ox_init=1
https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1

43 B
146 B

34ms
34ms

Image
image/gif

35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: clear
content-length: 43
x-request-id: eaifg6lm2j6p59il6uctkg7nsrv8umnr

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 249
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 608f2bbf-bde0-e051-d253-542083115c5a
pr-bh.ybp.yahoo.com/sync/openx/ Frame AB86 43 B
706 B 35ms
33ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/openx/608f2bbf-bde0-e051-d253-542083115c5a?gdpr=0

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:24 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame AB86
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=oIAdzBXG1Lcn365

43 B
106 B

41ms
41ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=oIAdzBXG1Lcn365
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
via: 1.1 google
server: OXGW/16.202.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:24 GMT
Server: PingMatch/v2.0.30-619-g1028223#rel-ec2-master i-05a1c1cf6bbf9fe9a@eu-central-1b@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=oIAdzBXG1Lcn365
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame AB86
Redirect Chain

https://x.bidswitch.net/sync?ssp=openx
https://ads.programattik.com/sync?ssp=bidswitch&bidswitch_ssp_id=openx
https://ads.programattik.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=openx
https://x.bidswitch.net/sync?dsp_id=156&expires=14&user_id=c775c75e-a44a-48a2-ba96-662d8457657b&ssp=openx
https://us-u.openx.net/w/1.0/sd?id=537072968&val=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05

43 B
106 B

40ms
40ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072968&val=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
via: 1.1 google
server: OXGW/16.202.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: //us-u.openx.net/w/1.0/sd?id=537072968&val=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05
date: Wed, 17 Feb 2021 13:39:25 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame AB86
Redirect Chain

https://match.prod.bidr.io/cookie-sync/ox
https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFHZ1IwN0FXamtBQUJCanBUc3Q3UQ&bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&b...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAGgR07AWjkAABBjpTst7Q&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Csas%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAGgR07AWjkAABBjpTst7Q&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cox%26bee_sync_current_partner%3Dpp%2...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cox&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AAGgR07AWjkAABBjpTst7Q&pid=558502&do=add
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAGgR07AWjkAABBjpTst7Q&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_part...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=ox&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=4&userid=987206037093635011
https://us-u.openx.net/w/1.0/sd?id=537125688&val=AAGgR07AWjkAABBjpTst7Q

43 B
106 B

40ms
40ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537125688&val=AAGgR07AWjkAABBjpTst7Q
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:27 GMT
via: 1.1 google
server: OXGW/16.202.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537125688&val=AAGgR07AWjkAABBjpTst7Q
Date: Wed, 17 Feb 2021 13:39:27 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H3-Q050 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 823C 143 B
243 B 8ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492128&pi=t.ma~as.1139220782&w=320&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163518&bpp=23&bdt=292&idt=310&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=2&ga_vid=1723523192.1613569164&ga_sid=1613569164&ga_hid=590709438&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1798819538&scr_x=0&scr_y=0&eid=44736623%2C21068109%2C21068495%2C21068769%2C21068893&oid=3&pvsid=1620580691959385&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.hthzlhm2xcw&fsb=1&xpc=EVWxheMNe0&p=https%3A//securityaffairs.co&dtd=335
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmZEt7rnhtXQYRkeL2oOY8IS87mRSGxxo2eDxEhtJ3IXtemrrq4Zjl8bfmh
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492128&pi=t.ma~as.1139220782&w=320&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163518&bpp=23&bdt=292&idt=310&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=2&ga_vid=1723523192.1613569164&ga_sid=1613569164&ga_hid=590709438&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1798819538&scr_x=0&scr_y=0&eid=44736623%2C21068109%2C21068495%2C21068769%2C21068893&oid=3&pvsid=1620580691959385&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.hthzlhm2xcw&fsb=1&xpc=EVWxheMNe0&p=https%3A//securityaffairs.co&dtd=335

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 17 Feb 2021 13:25:56 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 808
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0E4F 1 KB
979 B 8ms
7ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492128&pi=t.ma~as.1139220782&w=320&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163518&bpp=23&bdt=292&idt=310&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=2&ga_vid=1723523192.1613569164&ga_sid=1613569164&ga_hid=590709438&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1798819538&scr_x=0&scr_y=0&eid=44736623%2C21068109%2C21068495%2C21068769%2C21068893&oid=3&pvsid=1620580691959385&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.hthzlhm2xcw&fsb=1&xpc=EVWxheMNe0&p=https%3A//securityaffairs.co&dtd=335
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492128&pi=t.ma~as.1139220782&w=320&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163518&bpp=23&bdt=292&idt=310&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=2&ga_vid=1723523192.1613569164&ga_sid=1613569164&ga_hid=590709438&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1798819538&scr_x=0&scr_y=0&eid=44736623%2C21068109%2C21068495%2C21068769%2C21068893&oid=3&pvsid=1620580691959385&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.hthzlhm2xcw&fsb=1&xpc=EVWxheMNe0&p=https%3A//securityaffairs.co&dtd=335

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 17 Feb 2021 05:59:32 GMT
expires: Thu, 18 Feb 2021 05:59:32 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 27592
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame DA45 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56d728305bb3e7df832272820f81e3324ceb01884d538f873c202e6af173281b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 300x250.png
cdn.pixfuture.com/banners/ Frame A6B9 44 KB
45 KB 116ms
115ms Image
image/png 2606:4700:20::681a:a9c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.pixfuture.com/banners/300x250.png
Requested by: Host: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/afr.php?zoneid=5529
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a9c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6251b4b4525b9007511a48a6cda9a168f07ff77ccc4dd75759486af624a13301

Request headers

Referer: https://served-by.pixfuture.com/www/delivery/afr.php?zoneid=5529
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:25 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 03 Feb 2021 20:39:58 GMT
server: cloudflare
etag: "601b0a1e-b08b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=o%2FFyjUwNKpR%2BakjHAXFEItSWIc3Z%2FJ4LKQk9iXf8kN3GaicEQ%2BEQK%2FXg3JVsEbcKhrzjn7P9FnOIiNEjnFmjeHMwcxHuqbysqqhYenx8QEhXqHf1StFhF2MDEJg0Rg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=172800, public, no-transform
accept-ranges: bytes
cf-ray: 622fea1208124bdd-AMS
content-length: 45195
cf-request-id: 0851d09f4d00004bdd3800f000000001
expires: Fri, 19 Feb 2021 13:39:25 GMT

GET
H3-Q050 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4C85 143 B
169 B 7ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmZEt7rnhtXQYRkeL2oOY8IS87mRSGxxo2eDxEhtJ3IXtemrrq4Zjl8bfmh
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 17 Feb 2021 13:25:56 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 809
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1F3D 1 KB
755 B 6ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 17 Feb 2021 05:59:32 GMT
expires: Thu, 18 Feb 2021 05:59:32 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 27593
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame F4E2 43 B
326 B 130ms
43ms Document
image/gif 178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=48432970&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method: GET
:authority: dis.criteo.com
:scheme: https
:path: /dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/showad.js
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: Wed, 17 Feb 2021 00:00:00 GMT
server: Microsoft-IIS/10.0
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 1272
x-powered-by: ASP.NET
date: Wed, 17 Feb 2021 13:39:24 GMT
content-length: 43

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame 41BB
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1408901815299007048

42 B
849 B

33ms
33ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1408901815299007048
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=48432970&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KADUSERCOOKIE=E60952DF-2B40-48F7-9D12-884507708F09; PUBMDCID=3; KRTBCOOKIE_107=1471-uid:oIAdzBXG1Lcn365; KRTBCOOKIE_27=16735-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&16736-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&23019-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&23114-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca; KRTBCOOKIE_391=22924-748800383688539734; KRTBCOOKIE_377=6810-25cdaedb-1c69-42ce-aa53-86f520887a6e&KRTB&22918-25cdaedb-1c69-42ce-aa53-86f520887a6e&KRTB&23031-25cdaedb-1c69-42ce-aa53-86f520887a6e; KRTBCOOKIE_22=14911-4166112801591774730; KRTBCOOKIE_594=17105-RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003&KRTB&17107-RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003; KRTBCOOKIE_1074=22956-e_d574ea0e-5539-4ab0-ac87-661fde849d38; KRTBCOOKIE_409=22966-ze1MPIDzbyJHHFex1rbUWVTT&KRTB&23212-ze1MPIDzbyJHHFex1rbUWVTT; KRTBCOOKIE_153=19420-udyigL6PqIeijqLVvIm91eveqIKi2KHQv9ln-pGS&KRTB&22979-udyigL6PqIeijqLVvIm91eveqIKi2KHQv9ln-pGS; KRTBCOOKIE_80=16514-CAESED77e1pglK8XWemkl5xzF5U&KRTB&22987-CAESED77e1pglK8XWemkl5xzF5U&KRTB&23025-CAESED77e1pglK8XWemkl5xzF5U; KRTBCOOKIE_57=22776-910849219510724670; KRTBCOOKIE_699=22727-AAGgR07AWjkAABBjpTst7Q; KRTBCOOKIE_188=3189-6b3ff109-d5b4-4d00-a46d-57a113c97e89-602d1c8e-4348; PugT=1613569167; SPugT=1613569167; DPSync3=1614729600%3A219_197_201_227_226_221%7C1613606400%3A174; SyncRTB3=1614729600%3A54_99_223_165_81_7_8_161_204_21_220_88_166_222_78_5_3_56_71_189_55_22_176_13_104%7C1614124800%3A67_15_2%7C1616112000%3A203%7C1618704000%3A69%7C1614816000%3A35%7C1614384000%3A63; pi=158127:4; chkChromeAb67Sec=3
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Date: Wed, 17 Feb 2021 13:39:28 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
Set-Cookie: KRTBCOOKIE_336=5844-1408901815299007048; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 19-Mar-2021 13:39:28 GMT; path=/ PugT=1613569168; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 19-Mar-2021 13:39:28 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 18-May-2021 13:39:28 GMT; path=/
X-lat: Pug22028:0:404
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: image/gif; charset=utf-8

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1408901815299007048
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame 53EA
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFHejMwN0FXamtBQUJBUzdtc0phZw&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAGz307AWjkAABAS7msJag&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%2...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AAGz307AWjkAABAS7msJag&pid=558502&do=add
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAGgR07AWjkAABBjpTst7Q&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_part...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=5223108947134010363
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAGgR07AWjkAABBjpTst7Q

42 B
977 B

33ms
33ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAGgR07AWjkAABBjpTst7Q
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=48432970&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; pi=158127:2; KADUSERCOOKIE=E60952DF-2B40-48F7-9D12-884507708F09; chkChromeAb67Sec=1; DPSync3=1614729600%3A201_227_226_221; SyncRTB3=1614729600%3A21_22_189_220_88_3_13_56_7_55_71_8_166_204_54_161_223_165_81_176_222_78_5_99%7C1614124800%3A2_15_67%7C1616112000%3A203%7C1614816000%3A35%7C1614384000%3A63; PUBMDCID=3; KRTBCOOKIE_107=1471-uid:oIAdzBXG1Lcn365; KRTBCOOKIE_27=16735-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&16736-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&23019-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&23114-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca; KRTBCOOKIE_391=22924-748800383688539734; KRTBCOOKIE_377=6810-25cdaedb-1c69-42ce-aa53-86f520887a6e&KRTB&22918-25cdaedb-1c69-42ce-aa53-86f520887a6e&KRTB&23031-25cdaedb-1c69-42ce-aa53-86f520887a6e; KRTBCOOKIE_22=14911-4166112801591774730; KRTBCOOKIE_594=17105-RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003&KRTB&17107-RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003; KRTBCOOKIE_1074=22956-e_d574ea0e-5539-4ab0-ac87-661fde849d38; KRTBCOOKIE_409=22966-ze1MPIDzbyJHHFex1rbUWVTT&KRTB&23212-ze1MPIDzbyJHHFex1rbUWVTT; PugT=1613569166; KRTBCOOKIE_153=19420-udyigL6PqIeijqLVvIm91eveqIKi2KHQv9ln-pGS&KRTB&22979-udyigL6PqIeijqLVvIm91eveqIKi2KHQv9ln-pGS; KRTBCOOKIE_80=16514-CAESED77e1pglK8XWemkl5xzF5U&KRTB&22987-CAESED77e1pglK8XWemkl5xzF5U&KRTB&23025-CAESED77e1pglK8XWemkl5xzF5U; KRTBCOOKIE_57=22776-910849219510724670; KRTBCOOKIE_699=22727-AAGgR07AWjkAABBjpTst7Q; KRTBCOOKIE_188=3189-6b3ff109-d5b4-4d00-a46d-57a113c97e89-602d1c8e-4348
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Date: Wed, 17 Feb 2021 13:39:27 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Set-Cookie: KRTBCOOKIE_699=22727-AAGgR07AWjkAABBjpTst7Q; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 19-Mar-2021 13:39:27 GMT; path=/ PugT=1613569167; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 19-Mar-2021 13:39:27 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 18-May-2021 13:39:27 GMT; path=/
X-lat: Pug22010:0:385
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: image/gif; charset=utf-8

Redirect headers

Date: Wed, 17 Feb 2021 13:39:26 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAGgR07AWjkAABBjpTst7Q
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

GET
H/1.1

200
OK

Cookie set Pug Show response
simage2.pubmatic.com/AdServer/ Frame 5C10
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6930226823591753881

42 B
975 B

40ms
40ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6930226823591753881
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=48432970&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: simage2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Date: Wed, 17 Feb 2021 13:39:31 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Set-Cookie: KRTBCOOKIE_1101=23040-6930226823591753881; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 19-Mar-2021 13:39:31 GMT; path=/ PugT=1613569171; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 19-Mar-2021 13:39:31 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 18-May-2021 13:39:31 GMT; path=/
X-lat: Pug23029:0:282
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: image/gif; charset=utf-8

Redirect headers

Server: nginx
Date: Wed, 17 Feb 2021 13:39:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Set-Cookie: UserID1=6930226823591753881; Max-Age=7776000; domain=.adfarm1.adition.com; Path=/; SameSite=None; Secure
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6930226823591753881

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame FDAC
Redirect Chain

https://green.erne.co/pubmatic/cm?
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=ze1MPIDzbyJHHFex1rbUWVTT

42 B
891 B

93ms
33ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=ze1MPIDzbyJHHFex1rbUWVTT
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=48432970&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; pi=158127:2; KADUSERCOOKIE=E60952DF-2B40-48F7-9D12-884507708F09; chkChromeAb67Sec=1; DPSync3=1614729600%3A201_227_226_221; SyncRTB3=1614729600%3A21_22_189_220_88_3_13_56_7_55_71_8_166_204_54_161_223_165_81_176_222_78_5_99%7C1614124800%3A2_15_67%7C1616112000%3A203%7C1614816000%3A35%7C1614384000%3A63; PUBMDCID=3; KRTBCOOKIE_107=1471-uid:oIAdzBXG1Lcn365; KRTBCOOKIE_27=16735-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&16736-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&23019-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&23114-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca; KRTBCOOKIE_391=22924-748800383688539734; KRTBCOOKIE_377=6810-25cdaedb-1c69-42ce-aa53-86f520887a6e&KRTB&22918-25cdaedb-1c69-42ce-aa53-86f520887a6e&KRTB&23031-25cdaedb-1c69-42ce-aa53-86f520887a6e; PugT=1613569165; KRTBCOOKIE_22=14911-4166112801591774730; KRTBCOOKIE_594=17105-RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003&KRTB&17107-RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003; KRTBCOOKIE_1074=22956-e_d574ea0e-5539-4ab0-ac87-661fde849d38
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Date: Wed, 17 Feb 2021 13:39:26 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
Set-Cookie: KRTBCOOKIE_409=22966-ze1MPIDzbyJHHFex1rbUWVTT&KRTB&23212-ze1MPIDzbyJHHFex1rbUWVTT; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 19-Mar-2021 13:39:26 GMT; path=/ PugT=1613569166; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 19-Mar-2021 13:39:26 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 18-May-2021 13:39:26 GMT; path=/
X-lat: Pug22057:0:432
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: image/gif; charset=utf-8

Redirect headers

server: openresty
date: Wed, 17 Feb 2021 13:39:26 GMT
content-length: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
set-cookie: u=ze1MPIDzbyJHHFex1rbUWVTT; Max-Age=63072000; Domain=.erne.co; Path=/; Secure; SameSite=None
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=ze1MPIDzbyJHHFex1rbUWVTT
strict-transport-security: max-age=0; includeSubDomains;

GET
H/1.1

200
OK

Cookie set Pug Show response
simage2.pubmatic.com/AdServer/ Frame ABE8
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003&rndcb=620008433
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=adconductor
https://x.bidswitch.net/sync?dsp_id=70&user_id=748800383688539734&ssp=adconductor
https://sync.1rx.io/usersync/bidswitch/de38bc93-46ad-4b4e-91f4-e33f9fe6fc05?gdpr=&gdpr_consent=
https://sync.targeting.unrulymedia.com/csync/RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003

42 B
1 KB

50ms
41ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=48432970&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: simage2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; pi=158127:2; KADUSERCOOKIE=E60952DF-2B40-48F7-9D12-884507708F09; chkChromeAb67Sec=1; DPSync3=1614729600%3A201_227_226_221; SyncRTB3=1614729600%3A21_22_189_220_88_3_13_56_7_55_71_8_166_204_54_161_223_165_81_176_222_78_5_99%7C1614124800%3A2_15_67%7C1616112000%3A203%7C1614816000%3A35%7C1614384000%3A63; PUBMDCID=3; KRTBCOOKIE_107=1471-uid:oIAdzBXG1Lcn365; KRTBCOOKIE_27=16735-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&16736-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&23019-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&23114-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca; KRTBCOOKIE_391=22924-748800383688539734; PugT=1613569164
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Date: Wed, 17 Feb 2021 13:39:25 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Set-Cookie: KRTBCOOKIE_594=17105-RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003&KRTB&17107-RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 18-May-2021 13:39:25 GMT; path=/ PugT=1613569165; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 19-Mar-2021 13:39:25 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 18-May-2021 13:39:25 GMT; path=/
X-lat: Pug23025:0:475
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: image/gif; charset=utf-8

Redirect headers

Server: Tengine
Date: Wed, 17 Feb 2021 13:39:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: _rxuuid=%7B%22rx_uuid%22%3A%22RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003%22%7D; path=/; expires=Thu, 17 Feb 2022 13:39:25 GMT; domain=.targeting.unrulymedia.com; samesite=none; secure; httponly
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003
ETag: RXd33d24762f1e4b2dbf19669dcba4c78d003

GET
H/1.1 200
OK bridge Show response
cm.adgrx.com/ Frame 1E64 43 B
408 B 1350ms
32ms Document
image/gif 173.231.181.122
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=48432970&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.231.181.122 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Host: cm.adgrx.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Date: Wed, 17 Feb 2021 13:39:26 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
server: Cowboy
X-RealServer-NX: ams-delivery-3
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: Thu, 23 Sep 2004 17:42:04 GMT
P3P: CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin: *

GET
H2

200

i.match Show response
s.tribalfusion.com/z/ Frame 2786
Redirect Chain

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...

43 B
548 B

201ms
199ms

Document
image/gif

104.18.12.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=48432970&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.12.5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

:method: GET
:authority: s.tribalfusion.com
:scheme: https
:path: /z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/showad.js
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: ANON_ID=asnoeUxZduBnRApTpshdVtxyTFcQtQ7FqfAP5PkN5
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

date: Wed, 17 Feb 2021 13:39:33 GMT
content-type: image/gif; charset=utf-8
content-length: 43
set-cookie: __cfduid=da22e9d51f08a147672574ce7d2335df51613569173; expires=Fri, 19-Mar-21 13:39:33 GMT; path=/; domain=.tribalfusion.com; HttpOnly; SameSite=Lax ANON_ID=aNnseFyg6AarA7u8QGkNJJ9ETFn12j2kZbiKbQrWUheGSLKYZafhQRa5EIwTUb2kiG8cfKMM57Dh3oECeSQehE; path=/; domain=.tribalfusion.com; expires=Tue, 18-May-2021 13:39:33 GMT; SameSite=None; Secure; ANON_ID_old=aNnseFyg6AarA7u8QGkNJJ9ETFn12j2kZbiKbQrWUheGSLKYZafhQRa5EIwTUb2kiG8cfKMM57Dh3oECeSQehE; path=/; domain=.tribalfusion.com; expires=Tue, 18-May-2021 13:39:33 GMT;
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 302
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
cf-cache-status: DYNAMIC
cf-request-id: 0851d0bf6d0000cc560f11e000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 622fea457a9acc56-ZRH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date: Wed, 17 Feb 2021 13:39:33 GMT
content-type: text/html
set-cookie: __cfduid=d9bfe48a0ca3b2c189615ccc414b1ce331613569172; expires=Fri, 19-Mar-21 13:39:32 GMT; path=/; domain=.tribalfusion.com; HttpOnly; SameSite=Lax ANON_ID=asnoeUxZduBnRApTpshdVtxyTFcQtQ7FqfAP5PkN5; path=/; domain=.tribalfusion.com; expires=Tue, 18-May-2021 13:39:33 GMT; SameSite=None; Secure; ANON_ID_old=asnoeUxZduBnRApTpshdVtxyTFcQtQ7FqfAP5PkN5; path=/; domain=.tribalfusion.com; expires=Tue, 18-May-2021 13:39:33 GMT;
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 206
x-reuse-index: 1
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
location: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
cf-cache-status: DYNAMIC
cf-request-id: 0851d0bc280000cc564b805000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 622fea403f1ccc56-ZRH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1

200
OK

Cookie set Pug Show response
simage2.pubmatic.com/AdServer/ Frame 7E1D
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=557219&ev=1&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&piggybackCookie=%%VGUID%%
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=8btlb0mHgz6g&pid=557219

1 B
667 B

40ms
40ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=8btlb0mHgz6g&pid=557219
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=48432970&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Host: simage2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; pi=158127:2; KADUSERCOOKIE=E60952DF-2B40-48F7-9D12-884507708F09; chkChromeAb67Sec=1; DPSync3=1614729600%3A201_227_226_221; SyncRTB3=1614729600%3A21_22_189_220_88_3_13_56_7_55_71_8_166_204_54_161_223_165_81_176_222_78_5_99%7C1614124800%3A2_15_67%7C1616112000%3A203%7C1614816000%3A35%7C1614384000%3A63; PUBMDCID=3; KRTBCOOKIE_107=1471-uid:oIAdzBXG1Lcn365; KRTBCOOKIE_27=16735-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&16736-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&23019-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&23114-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca; KRTBCOOKIE_391=22924-748800383688539734; KRTBCOOKIE_377=6810-25cdaedb-1c69-42ce-aa53-86f520887a6e&KRTB&22918-25cdaedb-1c69-42ce-aa53-86f520887a6e&KRTB&23031-25cdaedb-1c69-42ce-aa53-86f520887a6e; PugT=1613569165; KRTBCOOKIE_22=14911-4166112801591774730; KRTBCOOKIE_594=17105-RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003&KRTB&17107-RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Date: Wed, 17 Feb 2021 13:39:24 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Set-Cookie: PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 18-May-2021 13:39:24 GMT; path=/
X-lat: Pug23039:0:262
Content-Length: 1
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: text/html; charset=utf-8

Redirect headers

p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cw-server: bh-deployment-75d6d6d469-twgf6
cache-control: private, max-age=0, no-cache, no-store
expires: -1
content-language: en-US
set-cookie: V=8btlb0mHgz6g;Version=0;Secure;Path=/;Domain=.contextweb.com;Expires=Sat, 12-Feb-2022 13:39:25 GMT;Max-Age=31104000;SameSite=None INGRESSCOOKIE=3ef9869572c45cde; path=/; HttpOnly; Secure; SameSite=None
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=8btlb0mHgz6g&pid=557219
server: Jetty(9.4.14.v20181114)
strict-transport-security: max-age=15768000

GET
H2

200

rtb-h Show response
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame 3268
Redirect Chain

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=89bc7e3d-000c-455e-ac37-388e05573523-tuct726a21c&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...

0
53 B

39ms
37ms

Document
text/plain

199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=89bc7e3d-000c-455e-ac37-388e05573523-tuct726a21c&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=48432970&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: match.taboola.com
:scheme: https
:path: /sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=89bc7e3d-000c-455e-ac37-388e05573523-tuct726a21c&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/showad.js
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: t_gid=89bc7e3d-000c-455e-ac37-388e05573523-tuct726a21c
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

server: nginx
accept-ranges: bytes
date: Wed, 17 Feb 2021 13:39:40 GMT
via: 1.1 varnish
x-served-by: cache-hhn11559-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1613569181.810891,VS0,VE8
content-length: 0

Redirect headers

server: nginx
set-cookie: t_gid=89bc7e3d-000c-455e-ac37-388e05573523-tuct726a21c;Version=1;Path=/;Domain=.taboola.com;Expires=Thu, 17-Feb-2022 13:39:40 GMT;Max-Age=31536000;Secure;SameSite=None
location: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=89bc7e3d-000c-455e-ac37-388e05573523-tuct726a21c&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
accept-ranges: bytes
date: Wed, 17 Feb 2021 13:39:40 GMT
via: 1.1 varnish
x-served-by: cache-hhn11559-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1613569181.720667,VS0,VE58
x-vcl-time-ms: 58
content-length: 0

GET
H2

200

check Show response
pixel.tapad.com/idsync/ex/receive/ Frame E93A
Redirect Chain

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxODQmdGw9MTU3NjgwMA==&r=https://pixel.tapad.com/idsync/ex/receive?partner_id=PUBMATIC_RTB&partner_device_id=${PUBMATIC_UID}
https://pixel.tapad.com/idsync/ex/receive?partner_id=PUBMATIC_RTB
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=PUBMATIC_RTB

95 B
165 B

34ms
34ms

Document
image/png

35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=PUBMATIC_RTB

Requested by

Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=48432970&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

Jetty(9.4.28.v20200408) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: pixel.tapad.com
:scheme: https
:path: /idsync/ex/receive/check?partner_id=PUBMATIC_RTB
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/showad.js
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: TapAd_TS=1613569172535; TapAd_DID=90ffe474-7125-11eb-b4d1-02d3ff5af182
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

date: Wed, 17 Feb 2021 13:39:32 GMT
strict-transport-security: max-age=31536000
content-type: image/png
content-length: 95
server: Jetty(9.4.28.v20200408)
via: 1.1 google
alt-svc: clear

Redirect headers

date: Wed, 17 Feb 2021 13:39:32 GMT
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
set-cookie: TapAd_TS=1613569172535;Expires=Sun, 18 Apr 2021 13:39:32 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None TapAd_DID=90ffe474-7125-11eb-b4d1-02d3ff5af182;Expires=Sun, 18 Apr 2021 13:39:32 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=PUBMATIC_RTB
content-length: 0
server: Jetty(9.4.28.v20200408)
via: 1.1 google
alt-svc: clear

GET
H/1.1

200
OK

Cookie set Pug Show response
simage2.pubmatic.com/AdServer/ Frame 4007
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:oIAdzBXG1Lcn365&gdpr=0&gdpr_consent=

42 B
973 B

157ms
40ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:oIAdzBXG1Lcn365&gdpr=0&gdpr_consent=
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=48432970&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: simage2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; pi=158127:2; KADUSERCOOKIE=E60952DF-2B40-48F7-9D12-884507708F09; chkChromeAb67Sec=1; DPSync3=1614729600%3A201_227_226_221; SyncRTB3=1614729600%3A21_22_189_220_88_3_13_56_7_55_71_8_166_204_54_161_223_165_81_176_222_78_5_99%7C1614124800%3A2_15_67%7C1616112000%3A203%7C1614816000%3A35%7C1614384000%3A63
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Date: Wed, 17 Feb 2021 13:39:25 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Set-Cookie: KRTBCOOKIE_107=1471-uid:oIAdzBXG1Lcn365; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 18-May-2021 13:39:25 GMT; path=/ PugT=1613569165; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 19-Mar-2021 13:39:25 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 18-May-2021 13:39:25 GMT; path=/
X-lat: Pug23009:0:269
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: image/gif; charset=utf-8

Redirect headers

Cache-Control: no-cache, must-revalidate
Date: Wed, 17 Feb 2021 13:39:24 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:oIAdzBXG1Lcn365&gdpr=0&gdpr_consent=
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Pragma: no-cache
Server: PingMatch/v2.0.30-619-g1028223#rel-ec2-master i-015d5badb48c29580@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Set-Cookie: wfivefivec=oIAdzBXG1Lcn365; Domain=.w55c.net; Expires=Thu, 17-Mar-2022 13:39:25 GMT; Path=/; SameSite=None; Secure matchpubmatic=5; Domain=.w55c.net; Expires=Fri, 19-Mar-2021 13:39:25 GMT; Path=/; SameSite=None; Secure
Content-Length: 0
Connection: keep-alive

GET
H/1.1

200
OK

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame D8C3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=5glS3ytASPedEohFB3CPCQ%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

8 KB
8 KB

29ms
29ms

Image
text/html

23.218.208.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.200 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-200.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 13:39:25 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
Server: Apache/2.2.15 (CentOS)
ETag: "1300708-1f78-5b232eb4914bb"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: max-age=91598
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 2654
Expires: Thu, 18 Feb 2021 15:06:03 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 mw
mwzeom.zeotap.com/ Frame D8C3 95 B
387 B 36ms
29ms Image
image/png 2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=E60952DF-2B40-48F7-9D12-884507708F09
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:25 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 622fea126a22dfd7-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0851d09f7d0000dfd7a82aa000000001

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame D8C3
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=E60952DF-2B40-48F7-9D12-884507708F09&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=E60952DF-2B40-48F7-9D12-884507708F09&sInitiator=external&gdpr=0&gdpr_consent=

42 B
604 B

48ms
48ms

Image
image/gif

77.243.60.138
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=E60952DF-2B40-48F7-9D12-884507708F09&sInitiator=external&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 77.243.60.138 Aalborg, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
frontend-id: 13
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
frontend-id: 9
location: /pubmatic/1/info2?sType=sync&sExtCookieId=E60952DF-2B40-48F7-9D12-884507708F09&sInitiator=external&gdpr=0&gdpr_consent=
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H/1.1

200
OK

Artemis
aud.pubmatic.com/AdServer/ Frame D8C3
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=E60952DF-2B40-48F7-9D12-884507708F09&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=E60952DF-2B40-48F7-9D12-884507708F09&gdpr=&fbounce=1
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=E60952DF-2B40-48F7-9D12-884507708F09&addseg=31

7 B
147 B

129ms
42ms

Image
text/plain

185.64.190.106
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=E60952DF-2B40-48F7-9D12-884507708F09&addseg=31
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.64.190.106 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 13:39:32 GMT
Connection: keep-alive
Content-Length: 7
Content-Type: text/plain; charset=utf-8

Redirect headers

date: Wed, 17 Feb 2021 13:39:32 GMT
via: 1.1 google
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=E60952DF-2B40-48F7-9D12-884507708F09&addseg=31
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: text/html; charset=utf-8
alt-svc: clear
content-length: 135

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame D8C3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RTYwOTUyREYtMkI0MC00OEY3LTlEMTItODg0NTA3NzA4RjA5&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
585 B

1243ms
33ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:26 GMT
X-lat: Pug22053:0:421
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame D8C3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESED77e1pglK8XWemkl5xzF5U&google_cver=1

42 B
935 B

1210ms
33ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESED77e1pglK8XWemkl5xzF5U&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:26 GMT
X-lat: Pug22018:0:535
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESED77e1pglK8XWemkl5xzF5U&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame D8C3 43 B
611 B 3001ms
32ms Image
image/gif 159.253.128.188
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.188 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

bc.80.fd9f.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Tue, 16 Feb 2021 13:39:28 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame D8C3
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=748800383688539734

42 B
973 B

142ms
40ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=748800383688539734
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:24 GMT
X-lat: Pug23039:0:305
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=748800383688539734
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
expires: -1

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame D8C3
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=25cdaedb-1c69-42ce-aa53-86f520887a6e

42 B
1 KB

145ms
40ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=25cdaedb-1c69-42ce-aa53-86f520887a6e
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:25 GMT
X-lat: Pug23006:0:385
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=25cdaedb-1c69-42ce-aa53-86f520887a6e
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame D8C3
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&gdpr=0&gdpr_consent=

42 B
1 KB

125ms
40ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:23 GMT
X-lat: Pug23045:0:292
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Date: Wed, 17 Feb 2021 13:39:28 GMT
Server: MT3 3518 2f03077 master zrh-pixel-x31
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 17 Feb 2021 13:39:27 GMT

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame D8C3
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=910849219510724670&gdpr=0&gdpr_consent=

42 B
848 B

1271ms
33ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=910849219510724670&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:26 GMT
X-lat: Pug22039:0:560
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:25 GMT
X-Proxy-Origin: 185.156.175.187; 185.156.175.187; 723.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.121:80
AN-X-Request-Uuid: 8a7d8264-09f5-41dc-9f34-e55f9c73432d
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=910849219510724670&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

SPug
image4.pubmatic.com/AdServer/ Frame D8C3
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=E60952DF-2B40-48F7-9D12-884507708F09&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-SpCEjXB1l2LCDbbMjKiZTCMCjUVYSj8-&gdpr=0&gdpr_consent=

0
587 B

3950ms
34ms

Image
text/plain

185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-SpCEjXB1l2LCDbbMjKiZTCMCjUVYSj8-&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Date: Wed, 17 Feb 2021 13:39:28 GMT
Content-Encoding: gzip
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-cache
Transfer-Encoding: chunked
Content-Type: text/plain; charset=utf-8

Redirect headers

Date: Wed, 17 Feb 2021 13:39:25 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-SpCEjXB1l2LCDbbMjKiZTCMCjUVYSj8-&gdpr=0&gdpr_consent=
Connection: keep-alive
Content-Length: 0

GET
H2 200 E60952DF-2B40-48F7-9D12-884507708F09
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame D8C3 43 B
192 B 37ms
32ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/E60952DF-2B40-48F7-9D12-884507708F09?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:25 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame D8C3
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=udyigL6PqIeijqLVvIm91eveqIKi2KHQv9ln-pGS

42 B
923 B

1178ms
33ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=udyigL6PqIeijqLVvIm91eveqIKi2KHQv9ln-pGS
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:26 GMT
X-lat: Pug22024:0:491
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=udyigL6PqIeijqLVvIm91eveqIKi2KHQv9ln-pGS
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame D8C3
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://sonata-notifications.taptapnetworks.com/web/cookie/bidswitch/sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05&gdpr=0&gdpr_consent=&gdpr_pd=
https://x.bidswitch.net/sync?dsp_id=413&ssp=pubmatic&user_id=csonata_aa6eaed4-eecb-431e-9993-1d03aa861147&bsw_param=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05&expires=10
https://x.bidswitch.net/ul_cb/sync?dsp_id=413&ssp=pubmatic&user_id=csonata_aa6eaed4-eecb-431e-9993-1d03aa861147&bsw_param=de38bc93-46ad-4b4e-91f4-e33f9fe6fc05&expires=10
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=aac71abd-271b-46ef-a84a-f464090361bb&gdpr=&gdpr_consent=&gdpr_pd=

1 B
949 B

40ms
40ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=aac71abd-271b-46ef-a84a-f464090361bb&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:32 GMT
X-lat: Pug23018:0:328
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=aac71abd-271b-46ef-a84a-f464090361bb&gdpr=&gdpr_consent=&gdpr_pd=
date: Wed, 17 Feb 2021 13:39:32 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame D8C3
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4166112801591774730&gdpr=0&gdpr_consent=&us_privacy=

1 B
931 B

149ms
40ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4166112801591774730&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:25 GMT
X-lat: Pug23009:0:294
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4166112801591774730&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame D8C3
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YC0ckAAAALSK8FZV&gdpr=0&gdpr_consent=&_test=YC0ckAAAALSK8FZV

1 B
1013 B

41ms
40ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YC0ckAAAALSK8FZV&gdpr=0&gdpr_consent=&_test=YC0ckAAAALSK8FZV
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:28 GMT
X-lat: Pug23003:0:339
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:28 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1613569169.560936,VS0,VE0
x-served-by: cache-hhn4054-HHN
x-cache: HIT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YC0ckAAAALSK8FZV&gdpr=0&gdpr_consent=&_test=YC0ckAAAALSK8FZV
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame D8C3
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=6b3ff109-d5b4-4d00-a46d-57a113c97e89-602d1c8e-4348&gdpr=0&gdpr_consent=

42 B
880 B

34ms
33ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=6b3ff109-d5b4-4d00-a46d-57a113c97e89-602d1c8e-4348&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:26 GMT
X-lat: Pug22064:0:395
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:26 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=6b3ff109-d5b4-4d00-a46d-57a113c97e89-602d1c8e-4348&gdpr=0&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame D8C3
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:805cc105-a899-4548-9c14-25a81c1c7ec7&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

42 B
709 B

40ms
40ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:805cc105-a899-4548-9c14-25a81c1c7ec7&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:25 GMT
X-lat: Pug23025:0:285
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:805cc105-a899-4548-9c14-25a81c1c7ec7&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date: Wed, 17 Feb 2021 13:39:25 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame D8C3 0
103 B 23ms
23ms Image
text/plain 2a02:fa8:8806:16::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=E60952DF-2B40-48F7-9D12-884507708F09&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1370 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 502 apn
ads.playground.xyz/usersync/ Frame D8C3 0
0 29ms
28ms Image
text/html 52.28.129.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.129.241 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame D8C3
Redirect Chain

https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_d574ea0e-5539-4ab0-ac87-661fde849d38

42 B
994 B

41ms
40ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_d574ea0e-5539-4ab0-ac87-661fde849d38
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:25 GMT
X-lat: Pug23027:0:339
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_d574ea0e-5539-4ab0-ac87-661fde849d38
date: Wed, 17 Feb 2021 13:39:25 GMT
p3p: CP="This is not a P3P policy"
server: nginx
timing-allow-origin: *
content-length: 0
content-language: en-US

GET
DATA 200
OK truncated
/ Frame D242 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7d1c7d7f12f8438029e802f7dbf56969528d9b066eaa8c59aa1278ce87096e4c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame DA45 14 KB
15 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1daab0f66666bc3a1d05d70de979a80680d985cc924e233fab61eef2d03bafe2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 18:30:53 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:17 GMT
server: sffe
age: 68912
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14816
x-xss-protection: 0
expires: Wed, 16 Feb 2022 18:30:53 GMT

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame DA45 14 KB
14 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f199a20f1fee7dec152b3591272f9715b536ed88b4c36194488fd5a734caf707

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 12:56:41 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:06 GMT
server: sffe
age: 520964
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14608
x-xss-protection: 0
expires: Fri, 11 Feb 2022 12:56:41 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 236B 0
747 B 45ms
45ms Script
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/dmp/async_usersync.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:25 GMT
X-Proxy-Origin: 185.156.175.187; 185.156.175.187; 723.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.39:80
AN-X-Request-Uuid: 05fc0f39-1c5d-4d3e-8784-cf5f9ad22cd6
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame E1C7
Redirect Chain

https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=910849219510724670

43 B
106 B

41ms
40ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537072399&val=910849219510724670
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
via: 1.1 google
server: OXGW/16.202.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:25 GMT
X-Proxy-Origin: 185.156.175.187; 185.156.175.187; 723.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.82:80
AN-X-Request-Uuid: f56b0155-5143-4f68-932b-5125d9d07986
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://eu-u.openx.net/w/1.0/sd?id=537072399&val=910849219510724670
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 current
openx2-match.dotomi.com/match/bounce/ Frame E1C7 0
104 B 111ms
62ms Image
text/plain 2a02:fa8:8806:13::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://openx2-match.dotomi.com/match/bounce/current?networkId=15900&version=1&nuid={OX_USER_ID}
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1400 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame E1C7
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=4&gdpr=0
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=4&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072977&val=6b3ff109-d5b4-4d00-a46d-57a113c97e89-602d1c8e-4348&gdpr=0&gdpr_consent=

43 B
106 B

42ms
41ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072977&val=6b3ff109-d5b4-4d00-a46d-57a113c97e89-602d1c8e-4348&gdpr=0&gdpr_consent=
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:26 GMT
via: 1.1 google
server: OXGW/16.202.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://us-u.openx.net/w/1.0/sd?id=537072977&val=6b3ff109-d5b4-4d00-a46d-57a113c97e89-602d1c8e-4348&gdpr=0&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 200 ox
match.justpremium.com/match/ Frame E1C7 43 B
323 B 7295ms
45ms Image
image/gif 18.184.181.235
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.justpremium.com/match/ox?ex_uid=bec9830b-7afd-4872-b19a-c4e37d33d229
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.181.235 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:32 GMT
content-length: 43
content-type: image/gif

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame E1C7
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D&_test=YC0ckAAAAGSMBVZV
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YC0ckAAAAGSMBVZV&_test=YC0ckAAAAGSMBVZV
https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=YC0ckAAAAGSMBVZV&_test=YC0ckAAAAGSMBVZV

43 B
106 B

43ms
43ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=YC0ckAAAAGSMBVZV&_test=YC0ckAAAAGSMBVZV
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:28 GMT
via: 1.1 google
server: OXGW/16.202.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=YC0ckAAAAGSMBVZV&_test=YC0ckAAAAGSMBVZV
date: Wed, 17 Feb 2021 13:39:28 GMT
via: 1.1 google
server: OXGW/16.202.0
alt-svc: clear
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame E1C7
Redirect Chain

https://green.erne.co/openx/cm
https://pixel.onaudience.com/?mapped=qmys22DFkosH4iMputksWVTT&partner=2&redirect=green.erne.co%2Fct%2Fcm%3Fred%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072998%2526rtb...
https://sync.crwdcntrl.net/map/c=14544/tp=BIDB?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26redirect%3Dhttps%253A%252F%252Fgreen.erne.co%252Fc...
https://sync.crwdcntrl.net/map/ct=y/c=14544/tp=BIDB?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26redirect%3Dhttps%253A%252F%252Fgreen.erne.co%...
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=5eec6efa0886ba6a6965b826f30379d1&redirect=https%3A%2F%2Fgreen.erne.co%2Fct%2Fcm%3Fred%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%25...
https://green.erne.co/ct/cm?red=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072998%26rtb%3Dqmys22DFkosH4iMputksWVTT
https://us-u.openx.net/w/1.0/sd?id=537072998&rtb=qmys22DFkosH4iMputksWVTT

43 B
106 B

42ms
41ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072998&rtb=qmys22DFkosH4iMputksWVTT
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.202.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=9d434638-ce6f-418d-ac16-6301775de208&gdpr=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:29 GMT
via: 1.1 google
server: OXGW/16.202.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537072998&rtb=qmys22DFkosH4iMputksWVTT
date: Wed, 17 Feb 2021 13:39:29 GMT
server: openresty
content-length: 146
strict-transport-security: max-age=0; includeSubDomains;
content-type: text/html; charset=UTF-8

GET
H3-Q050 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame D242 14 KB
15 KB 34ms
20ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwZsPF4o.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1daab0f66666bc3a1d05d70de979a80680d985cc924e233fab61eef2d03bafe2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 18:30:53 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:17 GMT
server: sffe
age: 68912
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14816
x-xss-protection: 0
expires: Wed, 16 Feb 2022 18:30:53 GMT

GET
H3-Q050 200 4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame D242 14 KB
14 KB 34ms
20ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp5eKQtG.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f199a20f1fee7dec152b3591272f9715b536ed88b4c36194488fd5a734caf707

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 12:56:41 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:06 GMT
server: sffe
age: 520964
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14608
x-xss-protection: 0
expires: Fri, 11 Feb 2022 12:56:41 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 84E6 8 KB
6 KB 20ms
19ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210211&st=env

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e243f7c1d4f219756e581bcd30f175bd112c692b3807e481eafdc7621fb483e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 17 Feb 2021 13:39:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6471
x-xss-protection: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0E4F
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEP4zPCeHk9MtdozzGQWV6lE&google_cver=1&google_push=AQvitUJtpXOYFOW21aon4aFrTrOdxDZXDtdojD4yr8gaHvrSPAgI-9Gn_TbxxiF4o0iVG0032Q5F4lv8XXH2dHSC...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=4gZgLRyMSACqxu4KR02pyg&google_push=AQvitUJtpXOYFOW21aon4aFrTrOdxDZXDtdojD4yr8gaHvrSPAgI-9Gn_TbxxiF4o0iVG0032Q5F4lv8XXH2dHSC-iLTT_bkBbA

170 B
696 B

19ms
17ms

Image
image/png

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=4gZgLRyMSACqxu4KR02pyg&google_push=AQvitUJtpXOYFOW21aon4aFrTrOdxDZXDtdojD4yr8gaHvrSPAgI-9Gn_TbxxiF4o0iVG0032Q5F4lv8XXH2dHSC-iLTT_bkBbA

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 17 Feb 2021 13:39:28 GMT
Server: MT3 3518 2f03077 master zrh-pixel-x29
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=4gZgLRyMSACqxu4KR02pyg&google_push=AQvitUJtpXOYFOW21aon4aFrTrOdxDZXDtdojD4yr8gaHvrSPAgI-9Gn_TbxxiF4o0iVG0032Q5F4lv8XXH2dHSC-iLTT_bkBbA
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 17 Feb 2021 13:39:27 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0E4F
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBtXqKWsa1ESoqYLusm5MOE&google_push=AQvitUL4gnzYEGvQYIkG5bDwxYCOKhh1L2ig5LMcqO43uVjRmZefrn2WiQ...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBtXqKWsa1ESoqYLusm5MOE&google_push=AQvitUL4gnzYEGvQYIkG5bDwxYCOKhh1L2ig5LMcqO43uVjRmZefrn2WiQ...

170 B
213 B

16ms
15ms

Image
image/png

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBtXqKWsa1ESoqYLusm5MOE&google_push=AQvitUL4gnzYEGvQYIkG5bDwxYCOKhh1L2ig5LMcqO43uVjRmZefrn2WiQhTlENodLTBl-Hzg3R8cVSmPzYHwhcvPAvcNR-BVQ&google_tc=

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:28 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBtXqKWsa1ESoqYLusm5MOE&google_push=AQvitUL4gnzYEGvQYIkG5bDwxYCOKhh1L2ig5LMcqO43uVjRmZefrn2WiQhTlENodLTBl-Hzg3R8cVSmPzYHwhcvPAvcNR-BVQ&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 465
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0E4F
Redirect Chain

https://px.adhigh.net/p/gm/rub?google_gid=CAESEA4Ejsiy0NIoamuayEEn53o&google_cver=1&google_push=AQvitUKm5tHlgRBYNy85G1kqM4Fi2h1W_vUs6cJxICaAlw1xerGYHsq37ZIr89AScgDLPX8PmLHwvv5G1wLjI_4FMKCk2CPSd04
https://px.adhigh.net/p/gm/rub?google_gid=CAESEA4Ejsiy0NIoamuayEEn53o&google_cver=1&google_push=AQvitUKm5tHlgRBYNy85G1kqM4Fi2h1W_vUs6cJxICaAlw1xerGYHsq37ZIr89AScgDLPX8PmLHwvv5G1wLjI_4FMKCk2CPSd04&b...
https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AQvitUKm5tHlgRBYNy85G1kqM4Fi2h1W_vUs6cJxICaAlw1xerGYHsq37ZIr89AScgDLPX8PmLHwvv5G1wLjI_4FMKCk2CPSd04&google_hm=QKRp6xh0lUcAAikABlF3sDd3...

170 B
190 B

17ms
17ms

Image
image/png

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AQvitUKm5tHlgRBYNy85G1kqM4Fi2h1W_vUs6cJxICaAlw1xerGYHsq37ZIr89AScgDLPX8PmLHwvv5G1wLjI_4FMKCk2CPSd04&google_hm=QKRp6xh0lUcAAikABlF3sDd3cw%3D%3D

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:21 GMT
server: nginx
access-control-allow-origin: *
x-backend-id: f2-ru
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AQvitUKm5tHlgRBYNy85G1kqM4Fi2h1W_vUs6cJxICaAlw1xerGYHsq37ZIr89AScgDLPX8PmLHwvv5G1wLjI_4FMKCk2CPSd04&google_hm=QKRp6xh0lUcAAikABlF3sDd3cw%3D%3D
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0E4F
Redirect Chain

https://sync3.sniperlog.ru/?src=ggl_nga&google_gid=CAESEHeJQ6ydtFa92Jt3zhrdo94&google_cver=1&google_push=AQvitUJRnHK0zjUci_KKGSJ449D7vuCzCuNh4jKNM775tAbvkth-seCaqLpT2YGGPpDakqtw1UZjZ6xphqOzZ7lhVU3v...
https://sync.bumlam.com/?src=ggl_nga&google_gid=CAESEHeJQ6ydtFa92Jt3zhrdo94&google_cver=1&google_push=AQvitUJRnHK0zjUci_KKGSJ449D7vuCzCuNh4jKNM775tAbvkth-seCaqLpT2YGGPpDakqtw1UZjZ6xphqOzZ7lhVU3vloq...
https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AQvitUJRnHK0zjUci_KKGSJ449D7vuCzCuNh4jKNM775tAbvkth-seCaqLpT2YGGPpDakqtw1UZjZ6xphqOzZ7lhVU3vloqTB8E

170 B
190 B

18ms
17ms

Image
image/png

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AQvitUJRnHK0zjUci_KKGSJ449D7vuCzCuNh4jKNM775tAbvkth-seCaqLpT2YGGPpDakqtw1UZjZ6xphqOzZ7lhVU3vloqTB8E

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 17 Feb 2021 13:39:28 GMT
Server: nginx
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AQvitUJRnHK0zjUci_KKGSJ449D7vuCzCuNh4jKNM775tAbvkth-seCaqLpT2YGGPpDakqtw1UZjZ6xphqOzZ7lhVU3vloqTB8E
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0E4F
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESENe_h-jGA-CNc5NissHNf-c&google_cver=1&google_push=AQvitULBfQwjMJ-g67J5AipGohU2X7f2YwYUlIAn_J7jkv0O49sXD5bJVlH-O7xveZnee9JGMeAcL05kc33e_O48a5TypIbL1Rc
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULBfQwjMJ-g67J5AipGohU2X7f2YwYUlIAn_J7jkv0O49sXD5bJVlH-O7xveZnee9JGMeAcL05kc33e_O48a5TypIbL1Rc&google_hm=Kx7Hx4TKyzYF8A5ir1-rqQ==

170 B
190 B

18ms
17ms

Image
image/png

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULBfQwjMJ-g67J5AipGohU2X7f2YwYUlIAn_J7jkv0O49sXD5bJVlH-O7xveZnee9JGMeAcL05kc33e_O48a5TypIbL1Rc&google_hm=Kx7Hx4TKyzYF8A5ir1-rqQ==

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:24 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULBfQwjMJ-g67J5AipGohU2X7f2YwYUlIAn_J7jkv0O49sXD5bJVlH-O7xveZnee9JGMeAcL05kc33e_O48a5TypIbL1Rc&google_hm=Kx7Hx4TKyzYF8A5ir1-rqQ==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: eli60vupk0jsv5c1rpd3tfgf4ol9osfi

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0E4F
Redirect Chain

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEFZuizbzwveL0JJzk_Fk1CA&google_cver=1&google_push=AQvitUJl4Sn0z0Gredx9qu2qZGE-oMrwJpWNZEVUL7G0pTDJosfF6Uy0...
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEFZuizbzwveL0JJzk_Fk1CA&google_cver=1&google_push=AQvitUJl4Sn0z0Gredx9qu2qZGE-oMrwJpWNZEVUL7G0pTDJosfF6Uy0...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEFZuizbzwveL0JJzk_Fk1CA&google_cver=1&google_push=AQvitUJl4Sn0z0Gredx9qu2qZGE-oMrwJpWNZEVUL7G0pTDJosfF6U...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEFZuizbzwveL0JJzk_Fk1CA&google_cver=1&google_push=AQvitUJl4Sn0z0Gredx9qu2qZGE-oMrwJpWNZEVUL7G0pTDJosfF6U...
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA5MGZmMjIxYy03MTI1LTExZWItYWI3My0wNmZkY2RhZDU2OTA%3D&google_push=AQvitUJl4Sn0z0Gredx9qu2qZGE-oMrwJpWNZEVUL7G0pTDJosfF6Uy0IF_Zg3TOiI...

170 B
190 B

16ms
16ms

Image
image/png

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA5MGZmMjIxYy03MTI1LTExZWItYWI3My0wNmZkY2RhZDU2OTA%3D&google_push=AQvitUJl4Sn0z0Gredx9qu2qZGE-oMrwJpWNZEVUL7G0pTDJosfF6Uy0IF_Zg3TOiIeYUvQbOQ61cYCUbnAhxr1nNNd3uwy-e1df

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 17 Feb 2021 13:39:32 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA5MGZmMjIxYy03MTI1LTExZWItYWI3My0wNmZkY2RhZDU2OTA%3D&google_push=AQvitUJl4Sn0z0Gredx9qu2qZGE-oMrwJpWNZEVUL7G0pTDJosfF6Uy0IF_Zg3TOiIeYUvQbOQ61cYCUbnAhxr1nNNd3uwy-e1df
Connection: keep-alive
Content-Length: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 0E4F
Redirect Chain

https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEA6dGcCXh-_usPyGFPx3PnE&google_cver=1&google_push=AQvitUK91_dxWnQHWxvYWsuz2wiUlC0ZGQb3p10QPExq3945d1P8qKG1GxtR46ujtdr4hk5Yy2WNdhldfnCHsMjzf...
https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=OTVlZjQyNDMtYTIwMC00ZGEwLWIxMDAtYWU5ZTU2MmMzM2Jm&google_push=AQvitUK91_dxWnQHWxvYWsuz2wiUlC0ZGQb3p10QPExq3945d1P8qKG1GxtR46uj...

170 B
190 B

16ms
15ms

Image
image/png

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=OTVlZjQyNDMtYTIwMC00ZGEwLWIxMDAtYWU5ZTU2MmMzM2Jm&google_push=AQvitUK91_dxWnQHWxvYWsuz2wiUlC0ZGQb3p10QPExq3945d1P8qKG1GxtR46ujtdr4hk5Yy2WNdhldfnCHsMjzfmMSDAGuNH--

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=OTVlZjQyNDMtYTIwMC00ZGEwLWIxMDAtYWU5ZTU2MmMzM2Jm&google_push=AQvitUK91_dxWnQHWxvYWsuz2wiUlC0ZGQb3p10QPExq3945d1P8qKG1GxtR46ujtdr4hk5Yy2WNdhldfnCHsMjzfmMSDAGuNH--
date: Wed, 17 Feb 2021 13:39:32 GMT
content-length: 0

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame 0E4F 0
26 B 14ms
14ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Kj5L1LObAOXC1CIv0RZHZ7x4YI6viYwRY-TPVLO1YoutHCZBr9yAsfcE26MUqAkwi6WOn4FS0

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:25 GMT
server: HTTP server (unknown)
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 58D3 8 KB
6 KB 17ms
17ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210211&st=env

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

92cf53749e842af23c4d55930e22099eb478b6b4f36a2640bf406cbbed76f286

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 17 Feb 2021 13:39:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6411
x-xss-protection: 0

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 823C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
139 B

40ms
38ms

Document
text/html

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmZEt7rnhtXQYRkeL2oOY8IS87mRSGxxo2eDxEhtJ3IXtemrrq4Zjl8bfmh
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 17 Feb 2021 13:39:25 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 17-Feb-2021 14:39:25 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Wed, 17 Feb 2021 13:39:25 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 17 Feb 2021 13:39:25 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 84E6 17 KB
6 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Wed, 17 Feb 2021 13:39:25 GMT

GET
H3-Q050 200 d51ouiIaoe_oO0a42MWTKpyCrSNXucyUKMnav5ltGHU.js Show response
pagead2.googlesyndication.com/bg/ Frame 670D 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/d51ouiIaoe_oO0a42MWTKpyCrSNXucyUKMnav5ltGHU.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

779d68ba221aa1efe83b46b8d8c5932a9c82ad2357b9cc9428c9dabf996d1875

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492128&pi=t.ma~as.1139220782&w=320&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163518&bpp=23&bdt=292&idt=310&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=2&ga_vid=1723523192.1613569164&ga_sid=1613569164&ga_hid=590709438&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1798819538&scr_x=0&scr_y=0&eid=44736623%2C21068109%2C21068495%2C21068769%2C21068893&oid=3&pvsid=1620580691959385&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.hthzlhm2xcw&fsb=1&xpc=EVWxheMNe0&p=https%3A//securityaffairs.co&dtd=335
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 11:37:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 09 Feb 2021 09:15:00 GMT
server: sffe
age: 7307
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6215
x-xss-protection: 0
expires: Thu, 17 Feb 2022 11:37:38 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 1F3D
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPmyFuP_rf5KQkvIO4Tr0pk&google_cver=1&google_push=AQvitUJK5PoYLehvG_5oA3zdODvzh402gHAePPm7nSgk1p6t8wPUUgYO9G...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJK5PoYLehvG_5oA3zdODvzh402gHAePPm7nSgk1p6t8wPUUgYO9GooRfDNHeV0BMHgLaIUwciO8vJYG6H0vS8yst2KJY4&google_hm=EPzorJ3...

170 B
190 B

16ms
15ms

Image
image/png

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJK5PoYLehvG_5oA3zdODvzh402gHAePPm7nSgk1p6t8wPUUgYO9GooRfDNHeV0BMHgLaIUwciO8vJYG6H0vS8yst2KJY4&google_hm=EPzorJ3fB3l-Ci1hj_VqdA

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitUJK5PoYLehvG_5oA3zdODvzh402gHAePPm7nSgk1p6t8wPUUgYO9GooRfDNHeV0BMHgLaIUwciO8vJYG6H0vS8yst2KJY4&google_hm=EPzorJ3fB3l-Ci1hj_VqdA
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 1F3D
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEP-UcFVyFZGkX0L86reW_sY&google_cver=1&google_push=AQvitUJdJL1GbNfalgIz6y7CLfogAY_S2M5y39fwituzk5Ly6uA8CjMBCbqyCo-zuMBvc_m38RkF8VCEWW6...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AQvitUJdJL1GbNfalgIz6y7CLfogAY_S2M5y39fwituzk5Ly6uA8CjMBCbqyCo-zuMBvc_m38RkF8VCEWW6eZskQpGneQrnkDWA&google_hm=pa129clUQJm50uy2CW6pzbs

170 B
190 B

16ms
16ms

Image
image/png

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AQvitUJdJL1GbNfalgIz6y7CLfogAY_S2M5y39fwituzk5Ly6uA8CjMBCbqyCo-zuMBvc_m38RkF8VCEWW6eZskQpGneQrnkDWA&google_hm=pa129clUQJm50uy2CW6pzbs

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:31 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AQvitUJdJL1GbNfalgIz6y7CLfogAY_S2M5y39fwituzk5Ly6uA8CjMBCbqyCo-zuMBvc_m38RkF8VCEWW6eZskQpGneQrnkDWA&google_hm=pa129clUQJm50uy2CW6pzbs
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: clear
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 1F3D
Redirect Chain

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEFtnNhgTFCHEgPOl5QmuODg&google_cver=1&google_push=AQvitUJSEogQxuRpqZQQ0d9ZBFhFHKw1HC22RWFCEj9EmD_rQSEtmat89VgT-MQSA-55T_UevpjgNr49kXj...
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AQvitUJSEogQxuRpqZQQ0d9ZBFhFHKw1HC22RWFCEj9EmD_rQSEtmat89VgT-MQSA-55T_UevpjgNr49kXj-HiLvrn2hacBwyEk

170 B
201 B

22ms
17ms

Image
image/png

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AQvitUJSEogQxuRpqZQQ0d9ZBFhFHKw1HC22RWFCEj9EmD_rQSEtmat89VgT-MQSA-55T_UevpjgNr49kXj-HiLvrn2hacBwyEk

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AQvitUJSEogQxuRpqZQQ0d9ZBFhFHKw1HC22RWFCEj9EmD_rQSEtmat89VgT-MQSA-55T_UevpjgNr49kXj-HiLvrn2hacBwyEk
Date: Wed, 17 Feb 2021 13:39:25 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=2999
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 1F3D
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEEjy1qvn80B45YyBmk-EzQo&google_cver=1&google_push=AQvitUKmgbtOb-wly1GAL5aTYEW_ig8zUR-GMuDywWzUUtkqosfyUdWUSkpdm2ai1TJmBqmhIOS-2zsK8arjirRL02LjiSa...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUKmgbtOb-wly1GAL5aTYEW_ig8zUR-GMuDywWzUUtkqosfyUdWUSkpdm2ai1TJmBqmhIOS-2zsK8arjirRL02LjiSa03Hs&google_hm=NzY1MDA1ODY4MDM4NDU3OTg...

170 B
190 B

21ms
20ms

Image
image/png

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUKmgbtOb-wly1GAL5aTYEW_ig8zUR-GMuDywWzUUtkqosfyUdWUSkpdm2ai1TJmBqmhIOS-2zsK8arjirRL02LjiSa03Hs&google_hm=NzY1MDA1ODY4MDM4NDU3OTg4Mg%3D%3D

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 17 Feb 2021 13:39:25 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AQvitUKmgbtOb-wly1GAL5aTYEW_ig8zUR-GMuDywWzUUtkqosfyUdWUSkpdm2ai1TJmBqmhIOS-2zsK8arjirRL02LjiSa03Hs&google_hm=NzY1MDA1ODY4MDM4NDU3OTg4Mg%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 1F3D
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEAcaQBRhb4NciesPuGkLJJ0&google_cver=1&google_push=AQvitULK71F7QTBioCVwEITahoiCGY9pX0lxt3MpVLHD5Ua9fy710fG7SwCIRFsatd6zldRcfWu93L7t...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzQ4ODAwMzgzNjg4NTM5NzM0&google_push=AQvitULK71F7QTBioCVwEITahoiCGY9pX0lxt3MpVLHD5Ua9fy710fG7SwCIRFsatd6zldRcfWu93L7t...

170 B
190 B

17ms
16ms

Image
image/png

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzQ4ODAwMzgzNjg4NTM5NzM0&google_push=AQvitULK71F7QTBioCVwEITahoiCGY9pX0lxt3MpVLHD5Ua9fy710fG7SwCIRFsatd6zldRcfWu93L7t7Wzdf157KfFx8Y1Pdfo

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzQ4ODAwMzgzNjg4NTM5NzM0&google_push=AQvitULK71F7QTBioCVwEITahoiCGY9pX0lxt3MpVLHD5Ua9fy710fG7SwCIRFsatd6zldRcfWu93L7t7Wzdf157KfFx8Y1Pdfo
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
expires: -1

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 1F3D
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESENq_Odign8hb6SmPerwXvo8&google_cver=1&google_push=AQvitULPrJJ9-cyj1iatPVod1DfhjXAzMOhrr9cqc-rPcQ16knKyV5q6ElExZhUfxERWMtpvXGPSqtX1GAfoqfHQxU6-NClEvcQ
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULPrJJ9-cyj1iatPVod1DfhjXAzMOhrr9cqc-rPcQ16knKyV5q6ElExZhUfxERWMtpvXGPSqtX1GAfoqfHQxU6-NClEvcQ&google_hm=Kx7Hx4TKyzYF8A5ir1-rqQ==

170 B
190 B

18ms
17ms

Image
image/png

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULPrJJ9-cyj1iatPVod1DfhjXAzMOhrr9cqc-rPcQ16knKyV5q6ElExZhUfxERWMtpvXGPSqtX1GAfoqfHQxU6-NClEvcQ&google_hm=Kx7Hx4TKyzYF8A5ir1-rqQ==

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULPrJJ9-cyj1iatPVod1DfhjXAzMOhrr9cqc-rPcQ16knKyV5q6ElExZhUfxERWMtpvXGPSqtX1GAfoqfHQxU6-NClEvcQ&google_hm=Kx7Hx4TKyzYF8A5ir1-rqQ==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: b3iuq07coma5ap2q8a4slucgrd44bubs

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 1F3D
Redirect Chain

https://cs.media.net/cksync?type=g&google_gid=CAESEHTyXqjze3LR7uL6OHurPbM&google_cver=1&google_push=AQvitUJIlUxJBSHuBuWRa8D818-kjFBMoSx6INbt7nPvaklE4HIRl9sxe60mod71_1tUB8yyD9Ldp6wjJicVhR3aAliwEiHCCNU
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjU2NTcwNzY1NTM1NjM1MDAwMFYxMA%3d%3d&mn_hm=MjU2NTcwNzY1NTM1NjM1MDAwMFYxMA%3d%3d&google_sc=1&google_push=AQvitUJIlUxJBSHuBuWRa8D818-kjFB...

170 B
190 B

16ms
16ms

Image
image/png

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjU2NTcwNzY1NTM1NjM1MDAwMFYxMA%3d%3d&mn_hm=MjU2NTcwNzY1NTM1NjM1MDAwMFYxMA%3d%3d&google_sc=1&google_push=AQvitUJIlUxJBSHuBuWRa8D818-kjFBMoSx6INbt7nPvaklE4HIRl9sxe60mod71_1tUB8yyD9Ldp6wjJicVhR3aAliwEiHCCNU

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
location: https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjU2NTcwNzY1NTM1NjM1MDAwMFYxMA%3d%3d&mn_hm=MjU2NTcwNzY1NTM1NjM1MDAwMFYxMA%3d%3d&google_sc=1&google_push=AQvitUJIlUxJBSHuBuWRa8D818-kjFBMoSx6INbt7nPvaklE4HIRl9sxe60mod71_1tUB8yyD9Ldp6wjJicVhR3aAliwEiHCCNU
cache-control: max-age=0, no-cache, no-store
content-type: text/html
content-length: 154
x-mnet-hl2: E
expires: Wed, 17 Feb 2021 13:39:25 GMT

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame 1F3D 0
16 B 15ms
14ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JHgXdv6egOft7wGJnRLpRx9T6bghMn29bZ0FqdTn_oZDSwovpVNXmEaXvu34CSea7_gg7u

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:25 GMT
server: HTTP server (unknown)
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D599 8 KB
6 KB 20ms
19ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210211&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210211/r20190131/show_ads_impl_exp_fy2019.js?bust=exp%3D21066652

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aedc05cefbe1fb2c60cfb8b55464ccb2376060fb62047a1e3f07c0cbffa0947a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 17 Feb 2021 13:39:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6453
x-xss-protection: 0

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4C85
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
21 B

41ms
39ms

Document
text/html

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmZEt7rnhtXQYRkeL2oOY8IS87mRSGxxo2eDxEhtJ3IXtemrrq4Zjl8bfmh
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 17 Feb 2021 13:39:25 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 17-Feb-2021 14:39:25 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Wed, 17 Feb 2021 13:39:25 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 17 Feb 2021 13:39:25 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 58D3 17 KB
6 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Wed, 17 Feb 2021 13:39:25 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 902D 12 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Wed, 17 Feb 2021 12:39:03 GMT
expires: Thu, 17 Feb 2022 12:39:03 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 3622
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D599 17 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210211/r20190131/show_ads_impl_exp_fy2019.js?bust=exp%3D21066652

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:39:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Wed, 17 Feb 2021 13:39:25 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 82A4 12 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Wed, 17 Feb 2021 12:39:03 GMT
expires: Thu, 17 Feb 2022 12:39:03 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 3622
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 4688 12 KB
5 KB 6ms
5ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Wed, 17 Feb 2021 12:39:03 GMT
expires: Thu, 17 Feb 2022 12:39:03 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 3622
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 d51ouiIaoe_oO0a42MWTKpyCrSNXucyUKMnav5ltGHU.js Show response
pagead2.googlesyndication.com/bg/ Frame 902D 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/d51ouiIaoe_oO0a42MWTKpyCrSNXucyUKMnav5ltGHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

779d68ba221aa1efe83b46b8d8c5932a9c82ad2357b9cc9428c9dabf996d1875

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 11:37:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 09 Feb 2021 09:15:00 GMT
server: sffe
age: 7307
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6215
x-xss-protection: 0
expires: Thu, 17 Feb 2022 11:37:38 GMT

GET
H3-Q050 200 d51ouiIaoe_oO0a42MWTKpyCrSNXucyUKMnav5ltGHU.js Show response
pagead2.googlesyndication.com/bg/ Frame 82A4 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/d51ouiIaoe_oO0a42MWTKpyCrSNXucyUKMnav5ltGHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

779d68ba221aa1efe83b46b8d8c5932a9c82ad2357b9cc9428c9dabf996d1875

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 11:37:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 09 Feb 2021 09:15:00 GMT
server: sffe
age: 7307
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6215
x-xss-protection: 0
expires: Thu, 17 Feb 2022 11:37:38 GMT

GET
H3-Q050 200 d51ouiIaoe_oO0a42MWTKpyCrSNXucyUKMnav5ltGHU.js Show response
pagead2.googlesyndication.com/bg/ Frame 4688 14 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/d51ouiIaoe_oO0a42MWTKpyCrSNXucyUKMnav5ltGHU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

779d68ba221aa1efe83b46b8d8c5932a9c82ad2357b9cc9428c9dabf996d1875

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 11:37:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 09 Feb 2021 09:15:00 GMT
server: sffe
age: 7307
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6215
x-xss-protection: 0
expires: Thu, 17 Feb 2022 11:37:38 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame D169 0
746 B 44ms
43ms Script
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/dmp/async_usersync.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:25 GMT
X-Proxy-Origin: 185.156.175.187; 185.156.175.187; 723.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.5:80
AN-X-Request-Uuid: 05bbdc22-0b8c-4c66-96b1-f6a58f5818d4
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D599 0
54 B 45ms
42ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gda_r20210211&jk=92396654613651&bg=!ammlaSrNAAXRs2QT0TsAKQB2-DxaM2l0Y6OaXOJxAg85O2Bi9IC63u6cNT9oSa3w_VOQNGSZpH-uAgAAAONSAAAAJmgBBwoAy4SnD5I-9_cEu6-JEPmEYAHCI-6E5Xv1VFdbFqHaaAB-byjTCTVCLHiWun6uTfSr9FTDWU0JeqotHZfUD3vzdGqUUj6R273zZZS9wa9XSAOeqHcYoMcojLbTcfTdzrFcRZ-n_B9U8EAOtTpVrCL-gU2Xyscs-CEOkxjktTQl1vXHTKMHWNKhLNMlwIHxIO6vy5KeUVt9jOBa1X_NJzTFzldTVluCk2KgpXRS3ltbFHb2gHttb5h9oHeIt1d9Su6uoQoNXiR-B0NYNWdEmQIvX87ZBGpzWOCpRyoX9HWFRxxzT5_EtDsAvNX4OQlGbZc9Xu1npzM-U4DsVdlTGAEejlxra56egdVfSidtp0TxzzLsQKOQ2MbnkVLXWszD-nLgYdlDPVceKUHqdXemoFrrTA72CsyZSZDDZsDODZGzq1oeqH5Ii9ITAoKxZ7jn-l1DldruMOA5EHXHeOn_tSIxnG-Vrw5ycdif-lNnYQFo6xUyDSZYqs3g6XbWvvU_Sn5xqZC0-3-OkNlW6SCrCrxvKpuVD-EeKmIbfGpppZysUkoUZ-XySw1fZJuN66eHfIR512RAKGitRv_lRuwzanWByys8KOjdE9BV58RreJ8L1l9q2Gzcs8M5uxqcFzomxLQLfphK1vnKDDpf8c5gbRo8b1I33Y--uvn5Iz3GEQLzt9ambGKiSv7m6oPfHQ99JeYSlFfHuzAGRUyJ0l8fFBkkNAHDiC1E5UFbwiEDD9jrFhTQhiNpx4upXe0SKlRETn4gKjJ1ZBKx8V_HjjG01QBox3z6JHpzxgfTpVCryVoFqYOKTd0VxGsEXrLmsfsYJEF8ZchtZ6iI2TsmZScgzjf0aBcGHoOaeIpO8OGsV9lNNtCFKB4eOGlnagYpNdtAbyt8G4afnZPGSZ4Kp3dzc2ho11Xz-pbVUJdHdwZuvt92S9W8PYMMpqYcX6cGthUF5Arq6J791OZwKU9Ub8o-zzX9a8tarcqTcTbfIFS5vO1MSY9ACpQaGyyIj-nN5qoKrw

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 84E6 0
23 B 43ms
42ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gda_r20210211&jk=2164766191774230&bg=!DA-lD0zNAAXRs2QT0TsAKQB2-Dxa8UHIQxLT1cqk4l4b3vp3fR25Pp97_ijw9E7rkX1EFD2MuMBIAgAAAOhSAAAAO2gBBwoBI_7UjhZEcfRpAhBkEifDWdh5p-kVUuyq9SSJlT3Q0zhpRLkjsqu8RB4c5qk_WuHKTrvVOWf9qvu2U9NSOuFFsro6CZm2eLeNCWw_ZyiaCvRjn38hBcrfQEmH6OPzcOiZwqA2kLK8OmF4zQtvpvQVRrqifa0oaF_9A5jBd-t1soL2BtEH87TuWI3vhRIWC0nLLBJPic6D41PNjtWy8t7A4isCD-ukxiPCF5uZa4JrOJvrUWK0YjyavuzjcOzqMqG6rAuIZgDZIH7nA9ucVE8YccdlSqGoaEThw0jxRF-Q7nOO4sPRDGQj-m-3fEZXnoh6zURaYN92dnH7l5SnbSwCdTNxKTvK2_o_5XYf7xarBTW3gLcsp1KfLETYGZ7f-zm7tq_S8ZkCLSq2sGUq0a_m25MHO2MODPypIDxvh7_Az77N9gz9uypv4lDep6AxAF2QX-yq0YLQdbT3BhBzPjOEp--B2xVSjEsy9cZqQPSGV0no0PdG9g03S6DcwT7l4VwJ7wP38FlCE722xGzvoO_gyHMPIoTOgK72VydCgWtcFlZXCfwqJjpwhWYbedWnsJ7I0NbCmlb8FST7kvXlc-L-DC-3zAGRT0mgDUuJrcmwkqmd_5N8SYcbrtTMzweHq4qa5KhLyyttK0FiJdj5xO3ACkKChGllsIgHJDm1RBF8uSEjYsZAVa7Y35kmRXbSoccDXHM4SjvXOWUv1MKNpd_mZg5lacnDp-3ux9la_8ZpUPQQJHy_lmehLAfNXna_y_aNvS8kvsA67KYSe-AO1eokKZufkgdC0qlXG9ASMBV7jwwIt_JbDSCr28BEZA0xf_Fb_iUgudYcjJ-2X_QdB8ufWz66TivM1qQ5o0LeerllKb8RFRLIj_sq4Bjo1C6zWciZXM7-VYt3IoTTJ7tlqFkn1k2uEqIpQ5iG9dpmHE7flR_YbRVOWY9DKTonzhD_g25_m3erqx-W2AgyML3Quxx7SffvY_II2sAzDg01407IyG8B0PlOEvwkrg60SZzS-rE8K80jKG8zsbSc9WCxfN1hERokPjqeSIuEj26JJJcs-fvH7Ewg6VuKjS_cXM9jvj3CccsPfuwWvmkyZ74Z9OgrjnHSZqQVsaYjr3FfzUD717VlEgAf

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 58D3 0
23 B 41ms
40ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gda_r20210211&jk=1620580691959385&bg=!YmGlYSLNAAXRs2QT0TsAKQB2-Dxa3UMT31h0Syk8XD9__wuTkhywqnJkut99zvz71zT4mMty-ejoAgAAARBSAAAAH2gBBwoAim06Mjm9btd2_L6yjoY3CRGQZrLx-ne-MqnZH7luBd6Eo1m6Shg1d_JkgpKf3VJPx4Q6wNZUWH7TfCl3eT0-_EWP8FecoZ1okMrLWFPbCwbIYEPji16jKpczrlcGUOixdYz1ilf76QiXyP52JdCP7c3jMUnE9mBvLMCpOaOjtz2ACvLY63AUfQ9wqZkCJe1v6AJR0PA7u4hSgbEI13DL2tyrXd3gzzYbX8y-6JhLM8mBRd3conj34zOlUzlywUB-VUP7BGMg57Zut6HLD3287w3NrISuez7j_LbX8jvQO31oI_GeVwr-EalPKkEdqdyokK8rUzTgGF1dxWVMhPWbx4PaJ0lUvlt1sUyMO4vXR2Wd3Q62y5S8eYzaBOQhdBp1dg8q3G79vivpuezpgDBG7v4f8bp4kEo1csWrxK9LqNDB5bv000i57exzGv8MtsN6BbsQK4-r5LA7S9uGB4eVcXRdCucMfWCaVusyaXqanbIvF_1x578krUSSQH-HXT-mQoy6LBNC5z0LLuxtcoWDxIoHOESUqREw5nUqTO2DzO3513LmPYFL9U_Dm3j6aUYyOowdIzR69waZGOQO0Av4ZmBSpYYpkdccI19BNfukLvR-9wRB2ORACVKoKYmGR6Jjcp0BZK98BReA_9RkstU5kTxme8Ap16wHmZDsybGgP3z_zKQozATh2C0To1P5AyiE9UpZNRemmYF8aqPxA1br1_Aha9dcHEws1wLtvDf4pAIV4i3zYGy71iVY-Xv2SSyS45tKPwVRuF1t_7CcIjuaHeoOsqbxP-s8WKGHuBc8C6waudqXJoYbFyorG0UsSVYsGSryVhBXBQo1TtR0C9emWjZRklKZfEFCWH03IV6ZyqVMByOImgZagJG6iq4uNGTz22crPQvs-JnjrtaWLcXJW3N-6g

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame F989 0
748 B 57ms
57ms Script
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/dmp/async_usersync.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:26 GMT
X-Proxy-Origin: 185.156.175.187; 185.156.175.187; 723.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.186:80
AN-X-Request-Uuid: 3bf5d315-ec7e-4e47-a22f-588daacc78ee
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 236B 0
748 B 40ms
40ms Script
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/dmp/async_usersync.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:26 GMT
X-Proxy-Origin: 185.156.175.187; 185.156.175.187; 723.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.238:80
AN-X-Request-Uuid: c49565cb-b839-423f-82c8-2006b99b7aa8
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame DA45 42 B
155 B 49ms
49ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsugwST3OYQ5F_N2M3D6uhBF3EtSlASC94LR3xYxNwz0H9v1oz3Z4fYK6KxFN1-dCyL8vQJyKMcSHDuwiHUYUDKqdjpbZ23GaZsboRHlXbaQ4xn7Qo6zUZoS3aQa3g&sai=AMfl-YSk2dmFDz0Gg-a5aAUbERWMlg83AfeDyk8fxGNwIkX-KZqfyb61usrESvD_Yimg-HgX7WOjKbQ0t3c92b_3tUvvVHtbOWWbkgo&sig=Cg0ArKJSzAy4H6bKCvlXEAE&cid=CAASF-RoNumcSTVJQNbszfjfNMZh4_RIf-jc&id=osdim&mcvt=1002&p=0,0,50,320&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20210212&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=2470624294&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&rst=1613569163859&dlt=556&rpt=359&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=50&slotname=1139220782&adk=2470624294&adf=1357492128&pi=t.ma~as.1139220782&w=320&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163518&bpp=23&bdt=292&idt=310&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=2&ga_vid=1723523192.1613569164&ga_sid=1613569164&ga_hid=590709438&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=844&biw=1600&bih=1200&isw=320&ish=50&ifk=1798819538&scr_x=0&scr_y=0&eid=44736623%2C21068109%2C21068495%2C21068769%2C21068893&oid=3&pvsid=1620580691959385&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C50&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.hthzlhm2xcw&fsb=1&xpc=EVWxheMNe0&p=https%3A//securityaffairs.co&dtd=335
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D242 42 B
66 B 46ms
46ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstX89O3eL7rg-ylD9Rb1i9-W2U37V1OxsEpV2GbtgNeAJKpfKLdjtOz0ieYTrWN8W13QiBTB_ZRX_z2qkqlW3Mz1B_5t6Q3CPz5eA5TvirtnP3v2RlVspDFKwmATg&sai=AMfl-YRTfgKYfo3AxdrmwU2EaNur9X3kkfYF_s1ZJDSn6gN_pNAISo6lHhht9B_WnLDwbUNhDrIkolD8PSfr3UnY_2KiIL1EmNv34ag&sig=Cg0ArKJSzM12xnRZAx6hEAE&cid=CAASF-RokMxqqwam3HUcpu-gESiHZYu3sICg&id=osdim&mcvt=1002&p=0,0,90,728&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20210212&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=141025852&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&rst=1613569163961&dlt=539&rpt=267&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-1575911585432548&output=html&h=90&slotname=3157381981&adk=141025852&adf=1357492131&pi=t.ma~as.3157381981&w=728&lmt=1613569163&url=https%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2F114636%2Fmobile-2%2Fshareit-app-flaw.html&flash=0&wgl=1&dt=1613569163664&bpp=7&bdt=285&idt=275&shv=r20210211&cbv=r20190131&ptt=5&saldr=sa&correlator=7775699772421&frm=21&ife=1&pv=1&ga_vid=1732519201.1613569164&ga_sid=1613569164&ga_hid=2023375133&ga_fc=0&nhd=3&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=320&ady=518&biw=1600&bih=1200&isw=728&ish=90&ifk=1795037526&scr_x=0&scr_y=0&eid=21066652%2C21068769%2C21068893%2C21068945&oid=3&pvsid=92396654613651&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C90&vis=1&rsz=%7C%7CE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.2h9pole9qfhy&fsb=1&xpc=644pempeKA&p=https%3A//securityaffairs.co&dtd=292
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ptmd
dt.clnmde.com/ 70 B
330 B 125ms
121ms Image
image/gif 100.24.200.179
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.clnmde.com/ptmd?t=16135691624413246214969_N4IgZghiBcDaDMB2AbADgAzIJzwEyoBoBGdQ9A8yi6q5AFhsfQF0DwIBnGZNgC15ixc5XEVbgwMXGwCuMmEWQBWQuABuMECDYBLDdAYgOAFwjGZXOLiXEs4gF5RoRNgAcA5po1sApgDt9EFdtEHcBaBBFInglbEVcOjpohORROixsEONLSLpcLAxEOlSlFRC1HOQAOnQq+FQiEIgAGxh4NjAAYxgAWhcQH2MdBWRo2Kx4thNPaHIjAGtNKJi41IB9DKIsLDpEIhVEeBCfHWCIolQlKv3qokQri8RjmSd+mWHZ3zVWuFA-CAAtj5NAAjHQAE3BPgATmsISFwWYnKAwZCYXDwTA-DJms02GodBilqMVhNRvd0PUYuhGgBfWkEP6A4ERVFQ2HwtiI0wwFEQ9lE6DY3H4wnw84k8ZROhKeB0BoqJQgemMkD-IGg-nozkgbnIkBs7WYoU4vEgAmCyKS1Z3ZCIRDoRI7ZUMpka1lajmYrlI3kGz2C4Vmi3iq1jG3wIiJfA05Au8QcZomYnhskJGIhZqSZyiy3LKUkqN5DCKEKdCzGS2oADCAFUlAAhAAiyAAogB1ELubrOa1k+jKNgARxZ-TAH3QtKAA
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 100.24.200.179 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-24-200-179.compute-1.amazonaws.com
Software: / Express
Resource Hash: c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 17 Feb 2021 13:39:31 GMT
x-powered-by: Express
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: image/gif

GET
H/1.1 200
OK SPug Show response
simage4.pubmatic.com/AdServer/ Frame D8C3 0
587 B 166ms
41ms Script
text/plain 185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=158127&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Date: Wed, 17 Feb 2021 13:39:27 GMT
Content-Encoding: gzip
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-cache
Transfer-Encoding: chunked
Content-Type: text/plain; charset=utf-8

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 91AE 37 KB
14 KB 36ms
35ms Document
text/html 23.218.208.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.200 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-200.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KADUSERCOOKIE=E60952DF-2B40-48F7-9D12-884507708F09; chkChromeAb67Sec=1; DPSync3=1614729600%3A201_227_226_221; SyncRTB3=1614729600%3A21_22_189_220_88_3_13_56_7_55_71_8_166_204_54_161_223_165_81_176_222_78_5_99%7C1614124800%3A2_15_67%7C1616112000%3A203%7C1614816000%3A35%7C1614384000%3A63; PUBMDCID=3; KRTBCOOKIE_107=1471-uid:oIAdzBXG1Lcn365; KRTBCOOKIE_27=16735-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&16736-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&23019-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&23114-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca; KRTBCOOKIE_391=22924-748800383688539734; KRTBCOOKIE_377=6810-25cdaedb-1c69-42ce-aa53-86f520887a6e&KRTB&22918-25cdaedb-1c69-42ce-aa53-86f520887a6e&KRTB&23031-25cdaedb-1c69-42ce-aa53-86f520887a6e; KRTBCOOKIE_22=14911-4166112801591774730; KRTBCOOKIE_594=17105-RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003&KRTB&17107-RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003; KRTBCOOKIE_1074=22956-e_d574ea0e-5539-4ab0-ac87-661fde849d38; KRTBCOOKIE_409=22966-ze1MPIDzbyJHHFex1rbUWVTT&KRTB&23212-ze1MPIDzbyJHHFex1rbUWVTT; KRTBCOOKIE_153=19420-udyigL6PqIeijqLVvIm91eveqIKi2KHQv9ln-pGS&KRTB&22979-udyigL6PqIeijqLVvIm91eveqIKi2KHQv9ln-pGS; KRTBCOOKIE_80=16514-CAESED77e1pglK8XWemkl5xzF5U&KRTB&22987-CAESED77e1pglK8XWemkl5xzF5U&KRTB&23025-CAESED77e1pglK8XWemkl5xzF5U; KRTBCOOKIE_57=22776-910849219510724670; KRTBCOOKIE_699=22727-AAGgR07AWjkAABBjpTst7Q; KRTBCOOKIE_188=3189-6b3ff109-d5b4-4d00-a46d-57a113c97e89-602d1c8e-4348; PugT=1613569167; SPugT=1613569167; repi=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=85721
Expires: Thu, 18 Feb 2021 13:28:08 GMT
Date: Wed, 17 Feb 2021 13:39:27 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 91AE 1 KB
2 KB 40ms
40ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=1811759&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 0d6b10e5e73d115155396fa3079e599f107d3c18019d410224c3a3fddca5a12f

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 13:39:28 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 1234
Content-Type: text/html; charset=UTF-8

GET
H2 200 match Show response
c1.adform.net/serving/cookie/ Frame ED66 35 B
325 B 42ms
41ms Document
image/gif 37.157.6.253
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?party=14&cid=E60952DF-2B40-48F7-9D12-884507708F09

Requested by

Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=1811759&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.253 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

s1.adform.net

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: c1.adform.net
:scheme: https
:path: /serving/cookie/match?party=14&cid=E60952DF-2B40-48F7-9D12-884507708F09
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/showad.js
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: C=1; uid=748800383688539734
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

server: nginx
date: Wed, 17 Feb 2021 13:39:28 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
set-cookie: uid=748800383688539734; expires=Sun, 18 Apr 2021 13:39:28 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains

GET
H/1.1

200
OK

Cookie set Pug Show response
simage2.pubmatic.com/AdServer/ Frame A559
Redirect Chain

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:F52397ED555947FDA31299047DF6B8F8

1 B
667 B

40ms
40ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:F52397ED555947FDA31299047DF6B8F8
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=1811759&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Host: simage2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KADUSERCOOKIE=E60952DF-2B40-48F7-9D12-884507708F09; PUBMDCID=3; KRTBCOOKIE_107=1471-uid:oIAdzBXG1Lcn365; KRTBCOOKIE_27=16735-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&16736-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&23019-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&23114-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca; KRTBCOOKIE_391=22924-748800383688539734; KRTBCOOKIE_377=6810-25cdaedb-1c69-42ce-aa53-86f520887a6e&KRTB&22918-25cdaedb-1c69-42ce-aa53-86f520887a6e&KRTB&23031-25cdaedb-1c69-42ce-aa53-86f520887a6e; KRTBCOOKIE_22=14911-4166112801591774730; KRTBCOOKIE_594=17105-RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003&KRTB&17107-RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003; KRTBCOOKIE_1074=22956-e_d574ea0e-5539-4ab0-ac87-661fde849d38; KRTBCOOKIE_409=22966-ze1MPIDzbyJHHFex1rbUWVTT&KRTB&23212-ze1MPIDzbyJHHFex1rbUWVTT; KRTBCOOKIE_153=19420-udyigL6PqIeijqLVvIm91eveqIKi2KHQv9ln-pGS&KRTB&22979-udyigL6PqIeijqLVvIm91eveqIKi2KHQv9ln-pGS; KRTBCOOKIE_80=16514-CAESED77e1pglK8XWemkl5xzF5U&KRTB&22987-CAESED77e1pglK8XWemkl5xzF5U&KRTB&23025-CAESED77e1pglK8XWemkl5xzF5U; KRTBCOOKIE_57=22776-910849219510724670; KRTBCOOKIE_699=22727-AAGgR07AWjkAABBjpTst7Q; KRTBCOOKIE_188=3189-6b3ff109-d5b4-4d00-a46d-57a113c97e89-602d1c8e-4348; PugT=1613569167; SPugT=1613569167; pi=158127:4; chkChromeAb67Sec=2; DPSync3=1614729600%3A219_197_201_227_226_221%7C1613606400%3A174; SyncRTB3=1614729600%3A54_99_223_165_81_7_8_161_204_21_220_88_166_222_78_5_3_56_71_189_55_22_176_13_104%7C1614124800%3A67_15_2%7C1616112000%3A203%7C1618704000%3A69%7C1614816000%3A35%7C1614384000%3A63
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Date: Wed, 17 Feb 2021 13:39:26 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Set-Cookie: PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 18-May-2021 13:39:26 GMT; path=/
X-lat: Pug23032:0:263
Content-Length: 1
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: text/html; charset=utf-8

Redirect headers

server: nginx
date: Wed, 17 Feb 2021 13:39:28 GMT
content-type: text/html
content-length: 154
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:F52397ED555947FDA31299047DF6B8F8
set-cookie: suid=F52397ED555947FDA31299047DF6B8F8; Path=/; domain=simpli.fi; Expires=Fri, 18-Feb-22 13:39:28 GMT; SameSite=none; Secure; suid_legacy=F52397ED555947FDA31299047DF6B8F8; Path=/; domain=simpli.fi; Expires=Fri, 18-Feb-22 13:39:28 GMT; Secure;
expires: Tue, 16 Feb 2021 13:39:28 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H2

200

/
spl.zeotap.com/ Frame 91AE
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=E60952DF-2B40-48F7-9D12-884507708F09
https://spl.zeotap.com/?zdid=1332&zcluid=4e7d44f52a2b2ae8

8 KB
8 KB

33ms
32ms

Image
text/html

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://spl.zeotap.com/?zdid=1332&zcluid=4e7d44f52a2b2ae8
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray: 622fea2bdf20dfd7-FRA
date: Wed, 17 Feb 2021 13:39:29 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: text/html
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
content-encoding: br
access-control-allow-headers: *
cf-request-id: 0851d0af6b0000dfd7c83a5000000001

Redirect headers

location: https://spl.zeotap.com?zdid=1332&zcluid=4e7d44f52a2b2ae8
content-length: 0

GET
H/1.1

200
OK

SPug
image4.pubmatic.com/AdServer/ Frame 91AE
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=e206602d-1c8c-4800-aac6-ee0a474da9ca

0
587 B

1149ms
35ms

Image
text/plain

185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=e206602d-1c8c-4800-aac6-ee0a474da9ca
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Date: Wed, 17 Feb 2021 13:39:29 GMT
Content-Encoding: gzip
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-cache
Transfer-Encoding: chunked
Content-Type: text/plain; charset=utf-8

Redirect headers

Date: Wed, 17 Feb 2021 13:39:31 GMT
Server: MT3 3518 2f03077 master zrh-pixel-x29
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=e206602d-1c8c-4800-aac6-ee0a474da9ca
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 17 Feb 2021 13:39:30 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame 91AE
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=8f246df9-7125-11eb-8024-1b29d755e37f&gdpr=0&gdpr_consent=

1 B
997 B

41ms
40ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=8f246df9-7125-11eb-8024-1b29d755e37f&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Wed, 17 Feb 2021 13:39:29 GMT
X-lat: Pug23046:0:264
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=8f246df9-7125-11eb-8024-1b29d755e37f&gdpr=0&gdpr_consent=
Date: Wed, 17 Feb 2021 13:39:28 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Content-Length: 0
X-CI-RTID: 8f246dfa-7125-11eb-8024-1b29d755e37f

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 8850 37 KB
14 KB 35ms
34ms Document
text/html 23.218.208.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.200 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-200.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KADUSERCOOKIE=E60952DF-2B40-48F7-9D12-884507708F09; PUBMDCID=3; KRTBCOOKIE_107=1471-uid:oIAdzBXG1Lcn365; KRTBCOOKIE_27=16735-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&16736-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&23019-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca&KRTB&23114-uid:e206602d-1c8c-4800-aac6-ee0a474da9ca; KRTBCOOKIE_391=22924-748800383688539734; KRTBCOOKIE_377=6810-25cdaedb-1c69-42ce-aa53-86f520887a6e&KRTB&22918-25cdaedb-1c69-42ce-aa53-86f520887a6e&KRTB&23031-25cdaedb-1c69-42ce-aa53-86f520887a6e; KRTBCOOKIE_22=14911-4166112801591774730; KRTBCOOKIE_594=17105-RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003&KRTB&17107-RX-d33d2476-2f1e-4b2d-bf19-669dcba4c78d-003; KRTBCOOKIE_1074=22956-e_d574ea0e-5539-4ab0-ac87-661fde849d38; KRTBCOOKIE_409=22966-ze1MPIDzbyJHHFex1rbUWVTT&KRTB&23212-ze1MPIDzbyJHHFex1rbUWVTT; KRTBCOOKIE_153=19420-udyigL6PqIeijqLVvIm91eveqIKi2KHQv9ln-pGS&KRTB&22979-udyigL6PqIeijqLVvIm91eveqIKi2KHQv9ln-pGS; KRTBCOOKIE_80=16514-CAESED77e1pglK8XWemkl5xzF5U&KRTB&22987-CAESED77e1pglK8XWemkl5xzF5U&KRTB&23025-CAESED77e1pglK8XWemkl5xzF5U; KRTBCOOKIE_57=22776-910849219510724670; KRTBCOOKIE_699=22727-AAGgR07AWjkAABBjpTst7Q; KRTBCOOKIE_188=3189-6b3ff109-d5b4-4d00-a46d-57a113c97e89-602d1c8e-4348; PugT=1613569167; SPugT=1613569167; chkChromeAb67Sec=2; DPSync3=1614729600%3A219_197_201_227_226_221%7C1613606400%3A174; SyncRTB3=1614729600%3A54_99_223_165_81_7_8_161_204_21_220_88_166_222_78_5_3_56_71_189_55_22_176_13_104%7C1614124800%3A67_15_2%7C1616112000%3A203%7C1618704000%3A69%7C1614816000%3A35%7C1614384000%3A63; repi=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=85720
Expires: Thu, 18 Feb 2021 13:28:08 GMT
Date: Wed, 17 Feb 2021 13:39:28 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 8850 47 B
524 B 40ms
40ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=47628054&p=158127&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 09343d3b3473e1c994b2d603c99feb8a0f63fbd3ff20be7432ff18b973dbe651

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 13:39:26 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 47
Content-Type: text/html; charset=UTF-8

GET
H2 200 ptmd
dt.clnmde.com/ 70 B
330 B 124ms
121ms Image
image/gif 100.24.200.179
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.clnmde.com/ptmd?t=16135691624413246214969_N4IgLgDghiBcDaiCMAaADAXSykBLAbnABw4DOYUYArqXPACwBMKSAnBjgF4yyogQBzOCEI4ApgDtCsfiBwCAFsKQA2JAGYArCtarG9ehv0rGSeqx1zwtGWcasiaAOz0TmzUSv4bIFQDo0P3UiJCsoABs4dRwAMwBjOABaPjEwXDhVDW1dEzIwIVg0MgBrZTUtHT0AfQs2VnonJA8ndSsxXAhlIk0-Jv8kJx6kIic2qh4+KnTC8XxIhFAJKABbMWEAI1wAEy2xACcq7astyh5QTZ39w624CSpw8Jx8XGuyrMq1QbRgrTRQgF9-ihFis1jILrsDkccCcKHBzttIa9YHcHk8XkdbOVspl6Jp1PQQh5NCBAcCQEtVhtEVdoSBYWcQBDaTcUfdHiIMayQJkKjkBionE40AZ6qSgSCqeCaVCbjDTvCmTLkaiOc9kTzsR8NGYmI5VOKOCBSOFyG8+Xp6ForOEYhl0RreTjyrrGPqVFY4jQwBqiABhACqmgAQgARFQAUQA6lYBAleFrdMLXJocABHMF8GLTND-IA
Requested by: Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 100.24.200.179 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-24-200-179.compute-1.amazonaws.com
Software: / Express
Resource Hash: c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 17 Feb 2021 13:39:31 GMT
x-powered-by: Express
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: image/gif

POST
H2 200 ptmdP
dt.clnmde.com/ 7 B
328 B 121ms
121ms Other
text/html 100.24.200.179
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://dt.clnmde.com/ptmdP
Requested by: Host: pxlclnmdecom-a.akamaihd.net
URL: https://pxlclnmdecom-a.akamaihd.net/javascripts/browserfp.min.js?templateId=3&customerId=8CU5BD6EW
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 100.24.200.179 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-24-200-179.compute-1.amazonaws.com
Software: / Express
Resource Hash: aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 17 Feb 2021 13:39:32 GMT
vary: Accept-Encoding
x-powered-by: Express
etag: W/"7-Jgyp3YpFd/wAt71YECmAdg"
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
content-length: 7

GET
H2 200 log
lg3.media.net/ 35 B
206 B 30ms
29ms Image
image/gif 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/log?&logid=kfk&evtid=adPrvLog&otherprov=0&cid=8CU5BD6EW&crid=816788371&cc=CH&ugd=4&timeTaken=2&vi=1613569161767704494&r=1613569177213

Requested by

Host: securityaffairs.co
URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Jetty(9.4.35.v20201120) /

Resource Hash

796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:39:37 GMT
server: Jetty(9.4.35.v20201120)
strict-transport-security: max-age=21600
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Wed, 17 Feb 2021 13:39:37 GMT

GET
H2 200 ptmd
dt.clnmde.com/ 70 B
330 B 121ms
121ms Image
image/gif 100.24.200.179
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.clnmde.com/ptmd?t=16135691624413246214969_N4IgLgDghiBcDaiBMAaADAXSykBLAbnEmjgM5hRgCupc8ALKgIwCcGOAXjLEzhAOZwQhHAFMAdoVggIIHPwAWQpgDYmAZgCsKlqqT16G-SqRN6LHXPC1pZpCwAcaAOz0TmzQ6v4bIFQDo0f3UHJisoABs4dRwAMwBjOABaXhBRMFw4VQ1tXRMyMEFYEhBSAGtlNS0dPQB9C1YWemcmT2d1K1FcWVsHTX9WgKZnfqYHZ06qblSqTOKxfCiEUHEoAFtRIQAjXAATXdEAJ1q9q13KblAd-aOT3bhxKgiInHxcO8qcmrURtBCtNBhAC+QJQK3Wm2k1wOx1OOHOFDgVz2MI+sEez1e71OtiquWy9E06nooU8mhAILBIFWG22KNucJACMuIGhDPu6KeL2E2I5IGy1TywxUzmcaAMTQpoPBtKh9Nh93hFyRrPlaIx3LeaP5eO+GjMjCcqil7FKEXIn0FenoWisEViWSx2oF+KqBqQRpUVniNDA2ocAGEAKqaABCABEVABRADqVn4iR4ut0DmMKhwAEdIalYnM0ECgA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 100.24.200.179 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-24-200-179.compute-1.amazonaws.com
Software: / Express
Resource Hash: c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77

Request headers

Referer: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 17 Feb 2021 13:39:42 GMT
x-powered-by: Express
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Bafp-Eg, Bafp-Ec, Bafp-Eg-T, Bafp-Ec-T
access-control-max-age: 1800
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: image/gif

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Roboto+Condensed%3A400italic%2C700italic%2C400%2C700&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Cgreek%2Ccyrillic%2Clatin-ext%2Cvietnamese&ver=688ce3e49e5ecefa1cd650833f2ac646

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C400italic%2C700italic&ver=688ce3e49e5ecefa1cd650833f2ac646

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=688ce3e49e5ecefa1cd650833f2ac646

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Oswald%3A400%2C700%2C400italic&subset=latin%2Ccyrillic-ext%2Cgreek-ext%2Ccyrillic&ver=688ce3e49e5ecefa1cd650833f2ac646

Domain: served-by.pixfuture.com
URL: https://served-by.pixfuture.com/www/delivery/headerbid_refresh_alex.php?dat=24272x320x50x4142x_ADSLOT1&keywords=popular,shareit,app,is,affected,severe,flaws,yet,be,fixedsecurity,affairs&refUrl=&refresh=false&innerWidth=1600&mainDiv=24272x320x50x4142x_ADSLOT1&flag=true

Verdicts & Comments Add Verdict or Comment

142 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.taboola.com/	1970-01-20 00:58:25	Name: t_gid Value: 89bc7e3d-000c-455e-ac37-388e05573523-tuct726a21c

36 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 69) Message: JQMIGRATE: Migrate is installed with logging active, version 3.3.2
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.blur() event shorthand is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.focus() event shorthand is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.load() is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.click() event shorthand is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.hover() is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.isArray is deprecated; use Array.isArray
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.submit() event shorthand is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.unload() is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.scroll() event shorthand is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.trim is deprecated; use String.prototype.trim
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: 'jQuery.easing.swing' should use only one argument
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	log	URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html(Line 91) Message: CMP IS NOT FOUND!!!
console-api	log	URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html(Line 101) Message: CMP IS NOT FOUND!!!
console-api	log	URL: https://securityaffairs.co/wordpress/114636/mobile-2/shareit-app-flaw.html(Line 101) Message: CMP IS NOT FOUND!!!
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.isFunction() is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.isWindow() is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.bind() is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.offset() requires a valid DOM element
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace
console-api	warning	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 100) Message: JQMIGRATE: jQuery.fn.change() event shorthand is deprecated
console-api	log	URL: https://securityaffairs.co/wordpress/wp-includes/js/jquery/jquery-migrate.js?ver=3.3.2(Line 102) Message: console.trace

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
acdn.adnxs.com
ad.turn.com
ads.playground.xyz
ads.programattik.com
ads.pubmatic.com
adservetx.media.net
adservice.google.com
adservice.google.de
apex.go.sonobi.com
api.rlcdn.com
aud.pubmatic.com
bh.contextweb.com
buttons-config.sharethis.com
c.sharethis.mgr.consensu.org
c1.adform.net
c2shb.ssp.yahoo.com
cdn.pixfuture.com
cm.adgrx.com
cm.g.doubleclick.net
cm.mgid.com
cms.quantserve.com
connect.facebook.net
contextual.media.net
cs.media.net
d5p.de17a.com
dis.criteo.com
dsp.adfarm1.adition.com
dt.clnmde.com
dt6.clnmde.com
eu-u.openx.net
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
google-analytics.com
googleads.g.doubleclick.net
green.erne.co
gum.criteo.com
hbopenbid.pubmatic.com
i0.wp.com
i1.wp.com
i2.wp.com
ib.adnxs.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
l.sharethis.com
lg3.media.net
match.adsby.bidtheatre.com
match.adsrvr.org
match.justpremium.com
match.prod.bidr.io
match.sharethrough.com
match.taboola.com
maxcdn.bootstrapcdn.com
mug.criteo.com
mwzeom.zeotap.com
navvy.media.net
openx2-match.dotomi.com
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-sync.sitescout.com
pixel.advertising.com
pixel.onaudience.com
pixel.quantserve.com
pixel.tapad.com
pixel.wp.com
pixfuture2-d.openx.net
platform-api.sharethis.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebidserver.pixfuture.com
pubmatic-match.dotomi.com
px.adhigh.net
pxlclnmdecom-a.akamaihd.net
qsearch-a.akamaihd.net
rtb-csync.smartadserver.com
rtb.gumgum.com
rtb.mfadsrvr.com
rtb.openx.net
s.tribalfusion.com
secure.gravatar.com
securityaffairs.co
served-by.pixfuture.com
simage2.pubmatic.com
simage4.pubmatic.com
sonata-notifications.taptapnetworks.com
spl.zeotap.com
stats.wp.com
sync-tm.everesttech.net
sync.1rx.io
sync.bumlam.com
sync.crwdcntrl.net
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.targeting.unrulymedia.com
sync3.sniperlog.ru
tpc.googlesyndication.com
trc.taboola.com
uipglob.semasio.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
visitor.fiftyt.com
ws.sharethis.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
fonts.googleapis.com
served-by.pixfuture.com
100.24.200.179
104.18.12.5
104.19.133.78
142.250.185.226
146.59.148.16
151.101.114.49
157.245.94.128
159.253.128.188
159.65.197.210
173.231.181.122
178.162.133.149
178.162.133.150
178.250.0.157
178.250.2.151
18.156.0.31
18.159.69.204
18.184.181.235
18.193.131.107
18.193.136.159
18.195.238.30
18.197.47.23
184.30.24.22
185.29.133.199
185.33.221.87
185.64.189.110
185.64.189.112
185.64.189.114
185.64.190.106
185.64.190.78
185.64.190.80
185.64.190.81
185.86.139.89
192.0.76.3
192.0.77.2
193.0.160.128
193.232.148.141
198.148.27.139
199.232.137.44
2.16.186.67
2001:4de0:ac19::1:b:3b
2001:678:cb4:bbbb::11
2001:8d8:100f:f000::289
213.155.156.181
213.19.147.151
23.218.208.187
23.218.208.200
23.32.238.163
23.62.140.165
2600:1f18:42df:3a00:e8b1:a0ff:a34c:ada
2600:9000:2127:6000:1c:8a07:5e80:93a1
2600:9000:2127:7200:c:a9b7:ddc0:93a1
2600:9000:2127:ac00:c:abe:f440:93a1
2600:9000:21a1:aa00:3:c04e:c780:93a1
2606:4700:10::ac43:db6
2606:4700:20::681a:a9c
2620:116:800d:21:f916:5049:f87f:108e
2a00:1288:110:c305::8000
2a00:1450:4001:800::200a
2a00:1450:4001:803::2002
2a00:1450:4001:809::2001
2a00:1450:4001:809::2002
2a00:1450:4001:809::2003
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2008
2a00:1450:4001:810::2003
2a00:1450:4001:811::2001
2a00:1450:4001:812::2004
2a00:1450:4001:812::200a
2a00:1450:4001:827::2004
2a00:1450:4001:827::200e
2a02:2638::1c
2a02:fa8:8806:13::1400
2a02:fa8:8806:16::1370
2a03:2880:f01c:8012:face:b00c:0:3
2a04:fa87:fffe::c000:4902
3.126.56.137
31.172.81.160
31.172.81.172
34.120.207.148
35.157.168.25
35.158.49.68
35.186.193.173
35.186.253.211
35.201.96.126
35.210.215.44
35.227.248.159
35.244.159.8
37.157.6.253
52.200.246.203
52.210.253.186
52.214.70.9
52.28.129.241
52.28.203.152
52.51.224.103
52.52.52.5
63.33.123.138
66.155.71.25
68.183.31.14
77.243.60.138
85.114.159.93
87.98.128.108
00d534b6d1d7adf2faa7861ce9557403c3c08304e2791fd4301029b0e142c286
00f0d946986d4a5476e4956c1782a490c49bc74818bd2c9bd4feeaaa103ae67f
00f28fdb987ce0f9edc935ffe381123a2e1f79fcc0f55759a7bb4a83b4a88584
027fb1d4e70b626e415937f38931e2e9f53a029f814dae4684d9682d668b441a
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
06d10799cfc34653767c7159074fa0a1983e4c0c8eed139653b3f7ee8fbb6a20
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34
081050a050b51472f12c3ed9f97830061b8a8d27575facfeb0f9de8a5b234764
0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9
09343d3b3473e1c994b2d603c99feb8a0f63fbd3ff20be7432ff18b973dbe651
0a4c16b7f5c1b1ecefc9ffb4fcf1b457f9282d0863fa61d4dd32ad98dafa9a60
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c27a9c1aee9eacb73655f930a6bbf9ec721006695e5c38405296081cdbcb878
0d6b10e5e73d115155396fa3079e599f107d3c18019d410224c3a3fddca5a12f
0d8c61b7b46c4d214451eb2ff48a6c9d17ef2b6786077a65dc0c6ea2542c24b7
0e1ba71e147401d2e86a6cca731ec60361c200ed05c4f03901713479f33b219e
0e53466218d7ff174e0a083ecce89b1c090c67ccbe55775eddca03e930ff9e35
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
1082b879cd43a0dec9ab3cc9ae2ddad7426c64e73fed45067c89afcac5bdd227
119874c68793507e6999f9aaa02bfb6628a452ba248a46c719ab850ae9be5e21
126421ca99f4c3186cf23d5b2d475fc3e8b9953e89c0388376ed14206d098b0e
13b61826fde5b78966364a0bfe1f2309da1f0ccd75923528a5014978b7276742
177d76801bdbecdb0d27109e118ae54a929156deac8ca44b46924a5c0f43cd7a
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1832a6ee34745b08b1fcae42c24468086358b43071d7679a738951aa7dc243ea
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
18d61b5ee68a57bd7a4733f776f9f8aa5c353e7f35a420881523b6edbf7c6b19
1aaab3c3d6f974416ae34893cebe3a544aea17931439b2449ec392061d11ec82
1daab0f66666bc3a1d05d70de979a80680d985cc924e233fab61eef2d03bafe2
1e182450674b6ffbdfadfdc1111d1c744bee6ca085bb84149fc589d86566bf00
1e93f66cbe9b485135f0c8bbc9eaccf882ded6eb71daadde99a8426f6db7cb31
1f72d586e08cf0211885038022fee9653914d76946be20b81828ff09d8206b3b
1fdfbccaadd8f18b6be346d768190187d43f1fc750fdef63797bdde6adc473e8
2199990352edbb7ec586e01d26e2f6a7010a2fce1517711019b614dcec353ba3
2333802e4a0c86b4cc4c71b376fc0aedc3b03039bfc777d96105f82231215732
24583638f8c4bd2d5dff22bddefbb24f8d047868e71ad2c029b1698b6926c85c
2a1b2ebe6a2b314929967bdf1ba8c694fb45bf76a5b847e57fb847b3cdd9338a
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
2d062987c5e35e10a1727dd6f6979633c845bcead5b032119594a1563e4c4c53
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2edd1f9e91e1dcdc50978db5d54354adcffddd7da0277c650ccf4ad34275ea7a
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
36f08afb776520c0a7e9807c783489dda647b65ab0a903db0c0197038c252a3f
380068ce92694b1f6fa7f860a0d26d5cd5d3e265dc6dfd088ce1ae1403ef0cdf
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3eb00bcbdf8063539eb4f8e5e4831c381d168575ee2630304ee9b997ee6affa8
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
403a66e2c1229bea681682cf8e17bbcc1c3990e0d200161ed3c094c9100141f7
40bc46248d8f8d5fbea7678bd0c0031327e206daaf99f3bf6723b9a70f665f7f
414d8b428bdb05db9e520b23c7855cb14d5eee21007b4492d7f151f46ffd0f3a
44f4c4b4880af1f974aae99eb91e9fd77179ddc4d35f959159740f149804bc1e
45185c8f6cd2f9b42e3a02b78af40edc7d61328fac3167a0490c9c69bbecaaa6
466e0865ab6764bbe7a1de7419d0d8a91279592283915a5fc1d6ad32c0ac3fe8
46db7a0a77511a777f77205b377cde8df6937dbde8a6e63441d7829d8f6ccfee
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504
4a47020c7133fbd4487539f0d04c700d195c32ac057d741be039e9582beee778
4c24e3d3e560c70d555d73f0fe4cca123744857b6503f61f25ac4473accf3936
4c6b4ef22f4c5dd8fd6e17ab6706d8c55d236824c20b3d8dcd310f7de744def6
4db6732268b3d9330df1068351b18e2fd1c1c6da87b5953259b022a19ddfe7a5
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e5197b0adf42cb8d5d91c2498ea5ee54c911f111ea2a3ad3ac623bc4a941dea
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
508a8b73dfefe6e9998cca8a66aef5f7b9b5a8b24b35ae0e6e8a02f37d4a2c93
5213596549a4e2921c9c6a17f5310ee8b7189486fb590542a62e92b171d3f71e
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
5525d57ced576560de8777ea78e4bc0c9d55396c0b668a7563b354de9c165aee
56159a7fa211c042c8da7005984653715f938917383f74292247f7b271469fb6
56d728305bb3e7df832272820f81e3324ceb01884d538f873c202e6af173281b
5b4c904143c11b38f2342e2bfa7ca81e58b3d5034b5928d664da0aa86ff692c4
5cbf31f01d7d1ce4853bcd6cc64dbfd103d412ec14d8bcc4ebca3b35dc3f3b74
5e8e0782182aa8256f40b134bb89122173d98fcd428bd1338b74430ad6567c01
5fee2a3e4db0a9b907550346569920e7ea79a4b855260d5c9d063aebd408ce52
6251b4b4525b9007511a48a6cda9a168f07ff77ccc4dd75759486af624a13301
6489510e508efffa5e44c674a67c9cb1b58115b666e522062ebcaeae646f8430
64c06ce1ac27f0105b0f173d836436c12d28d2fad0193a3fb31f14a9045afe0f
650868ebc4c00b2ea4ea72747f655f8a0552ba53c9b5b55defd9457be75f1aa9
65cfa6801a0886fab249b224e8a6982b4740fe7879fce99ff13ddaac9aaca01a
6a988f4f14a4f897e6d2b617bdd71095b6bbd22124a971d2cd8e6afa4c382c3e
6a99e7d178fd19b946a936a0f64d31a1af2e843b889ab515ada00d38622c5d67
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
718d8e9bf93740a3a90b67e53219319342074524b2dede8ba219eea4c41ea0c4
73cadf4725483d9a9290b8ea3ad87fe2afc746de5f70e89f088a3df9996bd8dd
7478123ab457a28ecf9df78f2832fbdbefc205eaef0930b4f6666903e756be46
759949fb0ffaa47eb3755d704adfee7be3ab4fd3d3fa2f37381ca6ea8b9506b1
76a18f5f0637e0d73ce1afece898ce8b0fa75bb6b1c1990ae4a7ac6b083045ce
76d35c700a1d819d2ab5bdeeaa17c7e4a2291f5ca1bdfafa6398e8bd49ad943a
779d68ba221aa1efe83b46b8d8c5932a9c82ad2357b9cc9428c9dabf996d1875
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7ab0341f68cc06548e5b65a9660bf17584dd7a03bc68edf26a41a560789d1a84
7afc7b54bbbad16fe2391ef2796e50a0b84e38a57ca9528092cefa94126ef4a5
7d1c7d7f12f8438029e802f7dbf56969528d9b066eaa8c59aa1278ce87096e4c
8131f5be1c9e7baf874e18616ffea1f98724a4beed116b60a666997a027a5fc8
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85a14d9b722f0b48f6ae7c9bb1b081946a5ef8eaf90ef21ef46364c76a3874bd
86f937a29eaee70aaf9935799a414bea46c62fb136cc0465f63f9d6820cf4982
873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745
87e389a3a4bd245fb6f0caec79116717f0de1512386058feb5e3565558ad19db
888f70266b1b7fa98ef2a027344d5c6aeffabcce06c1631596530d9b10860b01
8b258fe1df53ab82f5569b5aa60b37cc0fa6cc6a09cb87c39a6c6d5ed8a1072a
8c20205eb1af2fc08002b5afb088671f231100de7eab457f2e69d5aa934fb1d6
8c43e551763d3628fab88767caacb3188f69afa8d1290cf3f9d61ab09cb56073
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d732b3483eb44546a848a82cc9d6a584c81860aae7255f7ac589dcb3f130535
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
92cf53749e842af23c4d55930e22099eb478b6b4f36a2640bf406cbbed76f286
92df8f3f6af203d94b1da05c5b3b2d6d6cbd0292d6bcb19ffb6e6fb7fbce81b9
936c3e0cfba7a07ab55be383aeca9d39dcde7b4e9cddbfd973f78e34d3cc7078
95adfb11fab85fa32174133e3a3a76cafe33cf146f19ed02cca1d20c65469fbd
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a302e816f0c0489121fd6dd9c5de689d8cbb0e88300f81eaf7af2aa6320e61e
9a47abcc220084cd32dd51bd76f84ff7839e2dbf1a132fb970e8a1437f03726b
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c062d10663416484b5a59bb47a0308526bec56cc69e9f3499fa087d8eae5c7a
9c4ac725c395d8cef3ca43823fdbb4221641e26ec4ccb27020c809760c83653a
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833
a174d97af97444a78de9a08a52674b937cf4e0f27f1dc0a6e2455805153596ac
a1c8f29337a7abfdcde999ff2ff0c5dd1f124d40bc13da314c83579c1d44ff3b
a3e61a3c6e1a2e7ba11610657d76df363bb97f437d3c938e86123cbe2d41a649
a902ffc1c259dc54cb51d32618f4238568e5bcac3d32afc33e6729277f67dffb
a92c9b4a2f4c0c6a6e69ee4b648c2aa1cf71bd92cb5d03811e2fb5048e96acde
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
ab5eded321899e4ea1bdb0b088651758420390ee6f8e6d1e3e2a6af4495f3be0
ac84513c4c5ea7e4458e91c46e33ba71b56e19fabf93cc079ffcb01a975c2e3d
aedc05cefbe1fb2c60cfb8b55464ccb2376060fb62047a1e3f07c0cbffa0947a
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
af7abdbcee9fe7d9eed8ff21d4a2ef12c31d2c374b77c8c67b1bf7c8b752f925
af96a3a456e21f978d7564e240c2568ce325d8925777a8e808c08a738ce294ff
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc
b12c1cd811f54d11bfdcb5e235e73934a8b8a7a85eafb8529117f9a5bb64ccf8
b1e1b2a8b8f94f9d87c7c5bbfd84da8ed35719741ff8892c7e471a286a1391b6
b337552ecf4ac2075d5a5cb520e9a95cbcf4e836420c642f6b698f61f4550a64
b49b02fc1286f940cce0e398d850753f00338dbb321a51e2aadf996223c9c7e9
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b8fa20af264fcdd99621fc4e3a770927452b0fe382599e0d890a3bfa31152f80
b97d80b9eedfeb29936f0d7f89afbdd425ef8d930d09fa1f98030ceb8b26cabd
ba50b163e9b418b2143616d075368e1b0b6a11e326d3805eb1e006de8270e050
ba716187f8cc8c54806f5b9de46d1d94bec574ddf31c82f68532cd181e242b7f
bdec2cf98067424804869b7686735623c4f6fb88ce27718d27619860481b7733
c312c8dcff723c5dcea1f1fc9cc0de63d9c7f29783cc9a0a4a1239c7619b5c7e
c32a6272694a3ff9b3db93d79ea28ff12c9fbe4087b4cc435d060966f4d06c38
c414cd0e204de974f73753c7e28d7638e7b3691bb8b1a2bab6b25bb7fed7ce77
c5b30f7a4c85ed6d75e7f4d7449536702e420e9947555394f8e1a4885e48854c
c6be819465ebc64b0b21a82ff5a008feeb7c328eae6b29a1b3b3540e16f6c3fd
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
c8817bacfc84fd39e4daec4096011ed3d117c7fe8b3c55fdd22af47c299099bc
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
d31ccd909ed7bd9e9d5ab0b9be58d3190c6d02bf4c0af9cdae18b05470ebf3ac
d3a735be72b0bc85a066b1e648c638109f722c95eda669f9ad6c5eeeae5917c9
d44b68c7b3e659196a6a72662f4e2e903044d6e64a6a5c0002602711cd68a8fa
d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4
d99ea9db1da8549489666d36c9e3fb717842550eed1554e96860af8d30c3b008
d9ac862518df3efb07d7cecda391ab683489cf26fa04d62e179ba60869dd69bb
d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39
dbdabb5b5784d0233f584f2289c1c833a32ba90e5af95bee845537c578b7a9b4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
df00e5602e4ae67c3cbf309caadaf192ec397b9a60887e1e6bfa11fe21af1233
e243f7c1d4f219756e581bcd30f175bd112c692b3807e481eafdc7621fb483e7
e2dc35b0dbaa16b45d96eb3691927df48e091f4983ed2cc079568b789f9559da
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6
e70696531ebef4e25c157f95ad6730a529ac4df922aa285b3d6e9236007e8820
e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e
e716e22d4b8e9cfc81725c3d40e4a1788515f64a294a18d3181098e36fcbf1e9
e89bbc7723c5114f9cf138c6019bbca4e4f5e13f6b9febaa38c92c4c3584a964
e8caad51a19c5667e4fc7ae6a3b9bf8a23559bb64b09b0c6e90cad6d24083ea6
e8fed4d659201749ef6e80fc033f59045a6f6c59784bebfe96d32b7261565e7a
e98cd00e7be004c4360ad0c38471911312d74a117babcc29f239935afc80c8cb
ec507071e075a307f8775b6866e0217f05fee7a7b1305cdb674f24b78465edaa
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c6d2d27de284102b03e30cd74be808801ec53ca49f30b4d15620ee84ea39f5
f199a20f1fee7dec152b3591272f9715b536ed88b4c36194488fd5a734caf707
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f4d4eda42f85c6ccbbb5de2aff596085b3b1d380c8585464f2e53df2cad66f8e
f60f957d712e2f772500f438e71551d51b59512d267aabd2278231fcc7cdf981
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f8284365ba340253ee9c71cfb5efcc37f10a23e8b8b5dd134ec7bbab05073845
f972ddd1b395375286ef790a1131480af9cae110ecf776dc496370c8b0d364d3

securityaffairs.co Open in urlscan Pro 2001:8d8:100f:f000::289 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

363 Requests

99 %HTTPS

30 %IPv6

72 Domains

113 Subdomains

71 IPs

10 Countries

4402 kBTransfer

6768 kBSize

1 Cookies

17 Outgoing links

Redirected requests

363 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

securityaffairs.co Open in urlscan Pro
2001:8d8:100f:f000::289 Public Scan

Screenshot
Live screenshot

Full Image

363
Requests

99 %
HTTPS

30 %
IPv6

72
Domains

113
Subdomains

71
IPs

10
Countries

4402 kB
Transfer

6768 kB
Size

1
Cookies

363 HTTP transactions
10 data transactions