www.threatminer.org Open in urlscan Pro
2606:4700:20::681a:eeb Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Submission: On December 15 via api (December 15th 2021, 7:42:08 pm UTC) from US — Scanned from DE

Summary HTTP 370 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 57 IPs in 6 countries across 47 domains to perform 370 HTTP transactions. The main IP is 2606:4700:20::681a:eeb, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.threatminer.org.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 28th 2021. Valid for: a year.

This is the only time www.threatminer.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
27	2606:4700:20:... 2606:4700:20::681a:eeb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
7	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1 1	2606:4700:10:... 2606:4700:10::6814:9710	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:20:... 2606:4700:20::681a:5d6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	172.66.41.9 172.66.41.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	199.232.192.134 199.232.192.134	54113 (FASTLY) (FASTLY)
30	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
15	2600:9000:224... 2600:9000:2240:9000:6:8656:f5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
4	151.101.64.134 151.101.64.134	54113 (FASTLY) (FASTLY)
1	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
5 13	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
2	199.232.196.64 199.232.196.64	54113 (FASTLY) (FASTLY)
5	199.232.196.134 199.232.196.134	54113 (FASTLY) (FASTLY)
1 2	104.244.42.72 104.244.42.72	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
52	151.101.1.44 151.101.1.44	54113 (FASTLY) (FASTLY)
1	67.202.105.33 67.202.105.33	32748 (STEADFAST) (STEADFAST)
2 6	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
5 5	185.64.190.79 185.64.190.79	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4 4	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
1 1	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	198.47.127.20 198.47.127.20	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4 4	185.33.221.88 185.33.221.88	29990 (ASN-APPNEX) (ASN-APPNEX)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
3 3	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
1 1	213.19.147.45 213.19.147.45	26120 (RHYTHMONE) (RHYTHMONE)
1 1	64.74.236.63 64.74.236.63	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	54.77.45.99 54.77.45.99	16509 (AMAZON-02) (AMAZON-02)
1	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
2 2	52.59.53.221 52.59.53.221	16509 (AMAZON-02) (AMAZON-02)
1	38.27.122.126 38.27.122.126	174 (COGENT-174) (COGENT-174)
2 2	216.52.2.19 216.52.2.19	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1 1	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
1	67.202.105.22 67.202.105.22	32748 (STEADFAST) (STEADFAST)
1 5	13.32.121.72 13.32.121.72	16509 (AMAZON-02) (AMAZON-02)
26	2606:2800:134... 2606:2800:134:fa2:1627:1fe:edb:1665	15133 (EDGECAST) (EDGECAST)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1 2	209.54.180.144 209.54.180.144	16509 (AMAZON-02) (AMAZON-02)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	2a05:d018:d29... 2a05:d018:d29:3601:58ff:414:f08:16d6	16509 (AMAZON-02) (AMAZON-02)
2 3	104.111.242.53 104.111.242.53	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
62	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	37.157.5.142 37.157.5.142	198622 (ADFORM) (ADFORM)
1	2a00:1450:400... 2a00:1450:4001:812::2006	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
1	199.232.194.49 199.232.194.49	54113 (FASTLY) (FASTLY)
3	2606:2800:233... 2606:2800:233:8173:898f:63b3:95c3:79d2	15133 (EDGECAST) (EDGECAST)
2	2606:4700::68... 2606:4700::6810:a40d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:2800:233... 2606:2800:233:7ee2:97c:ab4c:6c70:be36	15133 (EDGECAST) (EDGECAST)
6	104.254.148.196 104.254.148.196	29990 (ASN-APPNEX) (ASN-APPNEX)
3	199.232.192.64 199.232.192.64	54113 (FASTLY) (FASTLY)
1	2.18.232.130 2.18.232.130	16625 (AKAMAI-AS) (AKAMAI-AS)
2	34.95.69.49 34.95.69.49	15169 (GOOGLE) (GOOGLE)
1	151.101.1.108 151.101.1.108	54113 (FASTLY) (FASTLY)
1 2	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
2	2a04:4e42:200... 2a04:4e42:200::300	54113 (FASTLY) (FASTLY)
2	141.226.224.32 141.226.224.32	200478 (TABOOLA-AS) (TABOOLA-AS)
370	57

27 2606:4700:20::681a:eeb (United States)

ASN13335 (CLOUDFLARENET, US)

www.threatminer.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:9710 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

i.creativecommons.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:5d6 (United States)

ASN13335 (CLOUDFLARENET, US)

licensebuttons.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 172.66.41.9 (United States)

ASN13335 (CLOUDFLARENET, US)

resources.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
router.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rt3025.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.192.134 (United States)

ASN54113 (FASTLY, US)

threatminer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
clients1.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2600:9000:2240:9000:6:8656:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.64.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany) 5 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.196.64 (United States)

ASN54113 (FASTLY, US)

tempest.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 199.232.196.134 (United States)

ASN54113 (FASTLY, US)

referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.72 (United States) 1 redirects

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

52 151.101.1.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
15.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vidstat.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.33 (United States)

ASN32748 (STEADFAST, US)
PTR: ip33.67-202-105.static.steadfastdns.net

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.252 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.64.190.79 (United Kingdom) 5 redirects

ASN62713 (AS-PUBMATIC, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.212.130 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s46-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.80 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.20 (United States) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.221.88 (Amsterdam, Netherlands) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 726.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.156.0.31 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.19.147.45 (United Kingdom) 1 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.74.236.63 (United States) 1 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.133.149 (Rotterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.77.45.99 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-45-99.eu-west-1.compute.amazonaws.com

s.cpx.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)

dsp.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.59.53.221 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-53-221.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.27.122.126 (United States)

ASN174 (COGENT-174, US)

match.bnmla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.19 (United States) 2 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.129 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.22 (United States)

ASN32748 (STEADFAST, US)
PTR: ip22.67-202-105.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.32.121.72 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-72.fra60.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2606:2800:134:fa2:1627:1fe:edb:1665 (United States)

ASN15133 (EDGECAST, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.54.180.144 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3601:58ff:414:f08:16d6 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.242.53 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-53.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

62 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.5.142 (Denmark)

ASN198622 (ADFORM, DK)

track.seadform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.194.49 (United States)

ASN54113 (FASTLY, US)

a.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:2800:233:8173:898f:63b3:95c3:79d2 (United States)

ASN15133 (EDGECAST, US)

abs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:a40d (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:233:7ee2:97c:ab4c:6c70:be36 (United States)

ASN15133 (EDGECAST, US)

ton.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.254.148.196 (Los Angeles, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 547.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net

lax1-ib.adnxs-simple.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 199.232.192.64 (United States)

ASN54113 (FASTLY, US)

links.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.232.130 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-130.deploy.static.akamaitechnologies.com

acdn.adnxs-simple.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.95.69.49 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 49.69.95.34.bc.googleusercontent.com

i.clean.gg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.108 (United States)

ASN54113 (FASTLY, US)

cdn.adnxs-simple.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.248.159 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:200::300 (United States)

ASN54113 (FASTLY, US)

pips.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.226.224.32 (United States)

ASN200478 (TABOOLA-AS, IL)

cds.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
83	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	950 KB
56	taboola.com cdn.taboola.com trc.taboola.com 15.taboola.com images.taboola.com vidstat.taboola.com pips.taboola.com cds.taboola.com	662 KB
32	doubleclick.net 4 redirects googleads.g.doubleclick.net cm.g.doubleclick.net	282 KB
31	twimg.com cdn.syndication.twimg.com pbs.twimg.com abs.twimg.com ton.twimg.com	483 KB
27	threatminer.org www.threatminer.org	1 MB
22	google.com 5 redirects cse.google.com adservice.google.com www.google.com clients1.google.com	418 KB
22	infolinks.com resources.infolinks.com router.infolinks.com rt3025.infolinks.com	294 KB
16	disquscdn.com c.disquscdn.com a.disquscdn.com	552 KB
15	disqus.com threatminer.disqus.com disqus.com tempest.services.disqus.com referrer.disqus.com links.services.disqus.com	84 KB
9	googletagservices.com www.googletagservices.com	320 KB
9	twitter.com 1 redirects platform.twitter.com syndication.twitter.com	214 KB
8	adnxs-simple.com lax1-ib.adnxs-simple.com acdn.adnxs-simple.com cdn.adnxs-simple.com	83 KB
8	gstatic.com www.gstatic.com fonts.gstatic.com	83 KB
8	pubmatic.com 8 redirects image8.pubmatic.com image2.pubmatic.com image4.pubmatic.com	3 KB
6	casalemedia.com 2 redirects ssum-sec.casalemedia.com dsum-sec.casalemedia.com	7 KB
6	googleapis.com www.googleapis.com imasdk.googleapis.com fonts.googleapis.com	127 KB
5	scorecardresearch.com 1 redirects sb.scorecardresearch.com	4 KB
4	yahoo.com 3 redirects ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	2 KB
4	adnxs.com 4 redirects ib.adnxs.com	4 KB
3	owneriq.net 2 redirects px.owneriq.net	1 KB
3	google.de adservice.google.de	1 KB
2	tapad.com 1 redirects pixel.tapad.com	888 B
2	clean.gg i.clean.gg	15 B
2	viglink.com cdn.viglink.com	530 B
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com	1 KB
2	lijit.com 2 redirects ap.lijit.com	1 KB
2	advertising.com 2 redirects pixel.advertising.com	674 B
2	google-analytics.com www.google-analytics.com	20 KB
1	2mdn.net s0.2mdn.net	49 KB
1	seadform.net track.seadform.net
1	rlcdn.com idsync.rlcdn.com
1	turn.com 1 redirects ad.turn.com	425 B
1	adsrvr.org match.adsrvr.org	265 B
1	33across.com ssc-cms.33across.com	72 B
1	rfihub.com 1 redirects p.rfihub.com	757 B
1	bnmla.com match.bnmla.com	112 B
1	adkernel.com dsp.adkernel.com	233 B
1	cpx.to s.cpx.to	945 B
1	sonobi.com sync.go.sonobi.com	474 B
1	zemanta.com 1 redirects b1sync.zemanta.com	288 B
1	1rx.io 1 redirects sync.1rx.io	184 B
1	openx.net u.openx.net	306 B
1	onetag-sys.com onetag-sys.com	814 B
1	tynt.com de.tynt.com	289 B
1	googleadservices.com partner.googleadservices.com	647 B
1	licensebuttons.net licensebuttons.net	1 KB
1	creativecommons.org 1 redirects i.creativecommons.org	314 B
370	47

	Domain	Requested by
62	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com www.threatminer.org pagead2.googlesyndication.com
28	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net lax1-ib.adnxs-simple.com
27	www.threatminer.org	www.threatminer.org
25	images.taboola.com	www.threatminer.org cdn.taboola.com
25	pbs.twimg.com	www.threatminer.org platform.twitter.com
21	pagead2.googlesyndication.com	www.threatminer.org pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com lax1-ib.adnxs-simple.com
18	cdn.taboola.com	www.threatminer.org cdn.taboola.com
15	c.disquscdn.com	threatminer.disqus.com disqus.com c.disquscdn.com
14	router.infolinks.com	resources.infolinks.com router.infolinks.com ssum-sec.casalemedia.com
13	www.google.com	5 redirects cse.google.com www.google.com www.threatminer.org googleads.g.doubleclick.net tpc.googlesyndication.com
9	www.googletagservices.com	googleads.g.doubleclick.net
7	platform.twitter.com	www.threatminer.org platform.twitter.com
6	lax1-ib.adnxs-simple.com	blank lax1-ib.adnxs-simple.com cdn.adnxs-simple.com
5	www.gstatic.com	googleads.g.doubleclick.net
5	trc.taboola.com	cdn.taboola.com www.threatminer.org
5	sb.scorecardresearch.com	1 redirects cdn.taboola.com www.threatminer.org
5	image8.pubmatic.com	5 redirects
5	referrer.disqus.com	www.threatminer.org
5	cse.google.com	www.threatminer.org www.google.com cse.google.com
5	resources.infolinks.com	www.threatminer.org resources.infolinks.com
4	fonts.googleapis.com	googleads.g.doubleclick.net
4	ib.adnxs.com	4 redirects
4	cm.g.doubleclick.net	4 redirects
4	disqus.com	threatminer.disqus.com c.disquscdn.com
3	links.services.disqus.com	c.disquscdn.com www.threatminer.org
3	abs.twimg.com	www.threatminer.org
3	fonts.gstatic.com	fonts.googleapis.com
3	px.owneriq.net	2 redirects ssum-sec.casalemedia.com
3	dsum-sec.casalemedia.com	1 redirects ssum-sec.casalemedia.com
3	ups.analytics.yahoo.com	3 redirects
3	ssum-sec.casalemedia.com	1 redirects router.infolinks.com ssum-sec.casalemedia.com
3	rt3025.infolinks.com	resources.infolinks.com www.threatminer.org
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
2	cds.taboola.com	cdn.taboola.com
2	pips.taboola.com	cdn.taboola.com
2	pixel.tapad.com	1 redirects resources.infolinks.com
2	i.clean.gg	acdn.adnxs-simple.com
2	vidstat.taboola.com	cdn.taboola.com
2	ton.twimg.com	platform.twitter.com
2	cdn.viglink.com	www.threatminer.org
2	15.taboola.com	cdn.taboola.com
2	s.amazon-adsystem.com	1 redirects ssum-sec.casalemedia.com
2	ap.lijit.com	2 redirects
2	pixel.advertising.com	2 redirects
2	image4.pubmatic.com	2 redirects
2	syndication.twitter.com	1 redirects platform.twitter.com
2	tempest.services.disqus.com	threatminer.disqus.com
2	www.google-analytics.com	www.threatminer.org www.google-analytics.com
1	cdn.adnxs-simple.com	lax1-ib.adnxs-simple.com
1	acdn.adnxs-simple.com	lax1-ib.adnxs-simple.com
1	a.disquscdn.com	www.threatminer.org
1	s0.2mdn.net	tpc.googlesyndication.com
1	track.seadform.net	googleads.g.doubleclick.net
1	pr-bh.ybp.yahoo.com	ssum-sec.casalemedia.com
1	idsync.rlcdn.com	ssum-sec.casalemedia.com
1	ad.turn.com	1 redirects
1	match.adsrvr.org	ssum-sec.casalemedia.com
1	imasdk.googleapis.com	resources.infolinks.com
1	cdn.syndication.twimg.com	platform.twitter.com
1	ssc-cms.33across.com	router.infolinks.com
1	p.rfihub.com	1 redirects
1	match.bnmla.com	router.infolinks.com
1	dsp.adkernel.com	router.infolinks.com
1	s.cpx.to	router.infolinks.com
1	sync.go.sonobi.com	router.infolinks.com
1	b1sync.zemanta.com	1 redirects
1	sync.1rx.io	1 redirects
1	u.openx.net	router.infolinks.com
1	image2.pubmatic.com	1 redirects
1	onetag-sys.com	router.infolinks.com
1	de.tynt.com	router.infolinks.com
1	clients1.google.com	www.threatminer.org
1	www.googleapis.com	www.threatminer.org
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	threatminer.disqus.com	www.threatminer.org
1	licensebuttons.net	www.threatminer.org
1	i.creativecommons.org	1 redirects
370	78

This site contains links to these domains. Also see Links.

Domain
medium.com
github.com
uk.linkedin.com
www.google.com
cse.google.com
www.virustotal.com
www.hybrid-analysis.com
virusshare.com
creativecommons.org

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-28` - `2022-06-27`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-10-19`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2020-04-20` - `2022-05-09`	2 years	crt.sh
*.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
a.disquscdn.com Amazon	`2021-10-31` - `2022-11-28`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.services.disqus.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-26` - `2022-05-28`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
onetag-sys.com R3	`2021-11-02` - `2022-01-31`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2020-12-06` - `2022-01-07`	a year	crt.sh
*.adkernel.com Sectigo RSA Domain Validation Secure Server CA	`2020-12-22` - `2022-01-05`	a year	crt.sh
*.bnmla.com Go Daddy Secure Certificate Authority - G2	`2021-01-06` - `2022-02-07`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-24` - `2022-02-16`	6 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.seadform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-11-04`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.disquscdn.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
ssl1029306.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2021-07-12` - `2022-06-30`	a year	crt.sh
*.adnxs-simple.com GeoTrust ECC CA 2018	`2021-03-17` - `2022-03-15`	a year	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2021-03-11` - `2022-02-07`	a year	crt.sh
i.clean.gg GTS CA 1D4	`2021-10-22` - `2022-01-20`	3 months	crt.sh

This page contains 43 frames:

Primary Page: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Frame ID: 45E0D94049BB6C65C6E2636F72DD1021
Requests: 89 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html
Frame ID: 20CF2AF1FCAB172B4D1889B83FC4B2A8
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.21f942bb866c2823339b839747a0c50c.html?origin=https%3A%2F%2Fwww.threatminer.org
Frame ID: 9F7ECC7D8116FB4BD242539CDEF9280B
Requests: 2 HTTP requests in this frame

Frame: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7
Frame ID: D2FE285D48B279774874D3CD7E6D02B9
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=250&slotname=4491384285&adk=1382012186&adf=1527761000&pi=t.ma~as.4491384285&w=299&fwrn=4&fwrnh=100&lmt=1639597317&rafmt=3&psa=0&format=299x250&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317596&bpp=4&bdt=234&idt=276&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=8719168437898&frm=20&pv=2&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=229&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=f1bbzY06vH&p=https%3A//www.threatminer.org&dtd=290
Frame ID: 3DB58228BDB8B33229368471BC3E0B71
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1639597317&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317600&bpp=1&bdt=239&idt=302&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=8719168437898&frm=20&pv=1&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=PjDwG60QCM&p=https%3A//www.threatminer.org&dtd=306
Frame ID: 2FE9BD300456F526752FFFBED9DD4C06
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1639597317&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317600&bpp=1&bdt=239&idt=311&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=8719168437898&frm=20&pv=1&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=mizkS2ptyV&p=https%3A//www.threatminer.org&dtd=315
Frame ID: BB2437F07C6D9415573E5D32E9A4057F
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=6125219520&adk=3585176026&adf=3636535385&pi=t.ma~as.6125219520&w=1200&fwrn=4&lmt=1639597317&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317601&bpp=1&bdt=239&idt=318&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200&correlator=8719168437898&frm=20&pv=1&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1139&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=7F0wDg2rEw&p=https%3A//www.threatminer.org&dtd=321
Frame ID: 1E3995D9162BE9ACDD3EA92691050883
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=8831273914&adk=3175788880&adf=3735847537&pi=t.ma~as.8831273914&w=1200&fwrn=4&lmt=1639597317&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317601&bpp=1&bdt=240&idt=325&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200&correlator=8719168437898&frm=20&pv=1&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2190&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=TcvVvCWhWj&p=https%3A//www.threatminer.org&dtd=327
Frame ID: CCEE54DD51DEBB828E63EE260D6F95DB
Requests: 12 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=f326e2b2eb1f84179c8d81fb31d22ea7&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&t_d=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
Frame ID: C7C62E0484535BD5A5E8849C731604CD
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&adk=1812271804&adf=3025194257&lmt=1639597317&plat=1%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317749&bpp=1&bdt=387&idt=226&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De4c9cb27a2dbe5d5-2233352e07cd004b%3AT%3D1639597317%3ART%3D1639597317%3AS%3DALNI_MY8p5BVu3i4J8z4a6SLzdPQOlfcng&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200&nras=1&correlator=8719168437898&frm=20&pv=1&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=8&uci=a!8&fsb=1&dtd=234
Frame ID: 8F6BADA9BF2B6BBDA6DE3A083B7EABC0
Requests: 1 HTTP requests in this frame

Frame: https://cse.google.com/cse_v2/ads?adsafe=low&pcsa=true&cx=009665096751685288782%3Ao6_z_tmwsge&client=google-coop&q=f326e2b2eb1f84179c8d81fb31d22ea7&r=m&hl=en&type=0&oe=UTF-8&ie=UTF-8&fexp=20606%2C17300769%2C17300772%2C17300841%2C17300859%2C17300861&format=p4&ad=p4&nocache=3021639597318073&num=0&output=uds_ads_only&source=gcsc&v=3&bsl=10&pac=0&u_his=2&u_tz=0&dt=1639597318074&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=6989&frm=0&uio=-&qup=1&inames=master-1&jsv=14764&rurl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7%23gsc.tab%3D0%26gsc.q%3Df326e2b2eb1f84179c8d81fb31d22ea7%26gsc.page%3D1
Frame ID: CE136111A9C8B4C6F3857836BFB76643
Requests: 2 HTTP requests in this frame

Frame: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Frame ID: 0D5299D9FD8D696F7431644FA77A1E88
Requests: 30 HTTP requests in this frame

Frame: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Frame ID: 36D3174E1038C73B8A6C9DC178871276
Requests: 30 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Frame ID: C037921B87281844395B6FBF99B27013
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Frame ID: 955089411E38180A69F86255C713CFC2
Requests: 10 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90
Frame ID: E8E4AE483C1B20E9DA3E2CCDB04DC0DD
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/index.html
Frame ID: 681BDF65FF7D336C8B6E9DB542DE5098
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: AB081F345B6981F8AA825176A3BD9F24
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js
Frame ID: 7F30AE1F23474C4069ECDDECFDC4D640
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Frame ID: 1BE17F482385DD08E2F0B8422FF56967
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css
Frame ID: 7ABF36814B8CAF9FBD02B2DF04E4CBB9
Requests: 1 HTTP requests in this frame

Frame: https://pbs.twimg.com/card_img/1470883973509398537/-3BXc4Df?format=png&name=800x419
Frame ID: 5D55453A8D39F41F1CDADE1E15A19215
Requests: 30 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 530E2F2AD417BA8E5BBE3C7980EA0983
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js
Frame ID: 6CEA5386B0BD68EEDC696C8603DF08A0
Requests: 1 HTTP requests in this frame

Frame: https://lax1-ib.adnxs-simple.com/ab?an_audit=0&referrer=www.threatminer.org&e=wqT_3QK4KWy4FAAAAwDWAAUBCIaK6Y0GEPHLt6KDkoOtHhj_EQF4ASo2CW6-Ed2zrpE_EVVd0fdkD44_GQAAAOCjcBlAIRESACkRJNAxAAAAgD0Ktz8wspn5CDizGUDlHkhlUKeiyyVYnMuFAWAAaJ3JnAF46t4FgAEBigEDVVNEkgUG9F4BmAHYBaABWqgBAbABALgBAsABBcgBAtABANgBAOABAPABALICATDYAqRD4ALq-SXqAhN3d3cudGhyZWF0bWluZXIub3Jn8gIMCgZIRUlHSFQSAjkw8gIMCgVXSURUSBIDNzI48gIhCgZMT0FERVISF3JlbmRlcl9wb3N0X2Fkc192MS5odG1s8gIYCgpJRlJBTUVfS0VZEgoxMjk4NDQ2ODE58gKiDwoLUFJFX1NDUklQVFMSkg88c2NyaXB0PihmdW5jdGlvbigpey8qCgogQ29weXJpZ2h0IFRoZSBDbG9zdXJlIExpYnJhcnkgQXV0aG9ycy4KIFNQRFgtTGljZW5zZS1JZGVudGlmaWVyOiBBcGFjaGUtMi4wCiovCnZhciBoPXRoaXN8fHNlbGY7LyoKCiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMAoqLwpmdW5jAZxgIGsoYil7a1siICJdKGIpO3JldHVybiBifQkTED1mdW5jASjwUigpe307dmFyIG09UmVnRXhwKCJeaHR0cHM_Oi8vKFxcd3wtKStcXC5jZG5cXC5hbXBwcm9qZWN0XFwuKG5ldHxvcmcpKFxcP3wvfCQpIik7CmZ1CVkAIAFbAVkIYj1oBWEMYz1bXQUJIGU9bnVsbDtkbwUfGGE9Yjt0cnkFDCxkO2lmKGQ9ISFhJiYBJBwhPWEubG9jYQGpIC5ocmVmKWI6ewEtkGsoYS5mb28pO2Q9ITA7YnJlYWsgYn1jYXRjaChsKXt9ZD0hMX0BfQhnPWQZFwBnARYQaWYoZykFbgBmPl4AODtlPWEuZG9jdW1lbnQmJhkMKC5yZWZlcnJlcnx8AZckfWVsc2UgZj1lLA3LTGMucHVzaChuZXcgcChmfHwiIikpBdUkYj1hLnBhcmVudBmGAGIF__BAfX13aGlsZShiJiZhIT1iKTthPTA7Zm9yKGI9Yy5sZW5ndGgtMTthPD1iOysrYSljW2FdLmRlcHRoPWItYTthPWghKzkeAa41KjhhbmNlc3Rvck9yaWdpbnNuHAANawA9HXUAKQmGDDE7YjwRikw7KytiKWY9Y1tiXSxmLnVybHx8KAUILkIBOnYAFFtiLQoxXSEMGCxmLmg9ITAB4ykiAGgZqyHVFCwhMSk7ZiUWJQIEZT0yBAEgMDw9ZTstLWUpIbpEPWNbZV0sIWYmJm0udGVzdChnAY8gKSYmKGY9ZyksBQ4oJiYhZy5oKXthPWdJGwB9DV0AZRXmBCYmAcwBOwQ7MEFlAGQhWggmJmUFSAEbCCk7YwWtEHEoYSxmdT4UYy5nP2MuBWUMOmMuaQFAAH1xSTQgcShiLGMpe3RoaXMuaUHVAQkIZz1jGSIAcB0iCHVybBEkFGg9ISFjOwUvBYglCgR9OxVZBHIoSbCIYj1uKCksYz1iLmluZGV4T2YoIj8iKTtzZXRUaW1lb3V0KGZ51UH9RGU9dm9pZCAwPT09ZT8uMDE6ZUE1RCEoTWF0aC5yYW5kb20oKT5lKQlfBGE9UfsMLmN1ckG0KFNjcmlwdDthPShhGUoEYT9hA6A6YSkmJiI3NyI9PT1hLmdldEF0dHJpYnV0ZSgiZGF0YS1qYyIpP2E6ZG1OQC5xdWVyeVNlbGVjdG9yKCdbDSUAPQFEGF0nKTtlPSKFd1g6Ly9wYWdlYWQyLmdvb2dsZXN5bmRpY4kDCGNvbQ0ekC9nZW5fMjA0P2lkPWpjYSZqYz03NyZ2ZXJzaW9uPSIrKGEmJmFWmAAALQ0mkCIpfHwidW5rbm93biIpKyImc2FtcGxlPSIrZTthPXdpbmRvdzshR42WMGEubmF2aWdhdG9yKWQuDgBQLnVzZXJBZ2VudCxkPS9DaHJvbWUvSZ4gZCkmJiEvRWRnGREcPyEwOiExO2RhlhVRMC5zZW5kQmVhY29uPwodaR0YFChlKTooYS0VQF9pbWFnZV9yZXF1ZXN0c3x8XhoAED1bXSksAa4x3AQsZDnLBGQ_ERY8OmQsZD1kLmNyZWF0ZUVsZaEBPCgiaW1nIiksZC5zcmM9ZSxafACJ-xhkKSl9fSwwdSpcMDw9Yz9iLnN1YnN0cmluZygwLGMpOmJ9KVcMLnJmbC6CBs2dgGVuY29kZVVSSUNvbXBvbmVudChyKCkpfTt9KS5jYWxsKGEkECk7Cjwv7Ypo8gLJAgoKRVhUUkFfVEFHUxK6AjxkaXYgc3R5IckMcG9zacE7ZDogYWJzb2x1dGU7IGxlZnQ6IDBweDsgdG9wDQpkdmlzaWJpbGl0eTogaGlkZGVuOyI-PGltZyAB--KZAhRhd2JpZCYFBvCGX2I9QUtBbWYtRE5Ia2ltTXpBQVFubVl3S0ZVMWsydm5mWEhsTUFoYkJQNjZZbmVSbU54M0ZDTGFkVXlmaGMyc19VOTc2WkdYQ20xN0xCcUJvd1RWSDViVHJ0S2ZmRTluYmNjNXciIGJvcmRlcj0wIHdpZHRoPTEgaGVpZ2h0PTEgYWx0PSIiMRqoZGlzcGxheTpub25lIj48L2Rpdj7yApoBCgxQT1NUX1NDUklQVFMSiQE8c4UENggBaZlQYWRzLmcuZG91YmxlY2xpY2submV0cZ88eGJmZV9iYWNrZmlsbC5qcwFlLbUNUy5HCSgge3IzcHgoJzEyORqACRwnKTt9KSgpOz3rEJwPChBIAZ40UE9SVF9QQVJBTVMShw-RNoqVAPB9YWRmZXRjaD9hZGs9NDE1MjA0ODAyMSZhZHNhZmU9bWVkaXVtJmNsaWVudD1jYS1wdWItMzA3Njg5MDAxMjc0MTQ2NyZmb3JtYXQ9NzI4eDkwX2FzJmlwPTE4NS4yMzIuMjMuMCZvdXRwdXQ9aHRtbCZ1bnZpZXdlZF9wb3NpQYogX3N0YXJ0PTEmof8Ad0bUChAmc3ViXw2CAGJBifB9ci00OTgyNDIyJmhsPWRlJmFjZWlkPU1ERFU1Z0Q1VlRRQmttQTBBUzlqTkFHU2JUUUJzVzQwQWVWdU5BR25ielFCd204MEFSUndOQUVlY0RRQlhuQTBBWXR3TkFHMWNEUUIzWEEwQVE1eE5BRlVjVFFCVlhFMEFXWnhOQUY0ARAsaDNFMEFhQnhOQUdqARAsdFhFMEFkRnhOQUhTBRD0XAgyeEJBVXR6UVFGVGMwRUJ0QjFjQWpqSVhBTFc5b2dDUWZlSUFyTDNpQUo1UUtvQ0owS3FBaWhDcWdKc1c2b0NmbUtxQW1kb3FnSjZjNm9DX25pcUF1SjdxZ0x1aHFvQ2pZcXFBb0NicWdLQm02b0NncHVxQWhhbnFnS2xwNm9Db3FpcUF0NnJxZ0lzcktvQ0hLNnFBaDZ1cWdLVnI2b0NkN0NxQW5td3FnS0FzS29DZ3JDcUFvbXdxZ0toczZvQ3RyU3FBc2UxcWdKVHVxb0NyOENxQXV6QnFnTFd6S29DS00ycUFqTE9xZ0pOenFvQ3U4NnFBczdUcWdKTjFhb0NTZGFxQXBQWHFnSXMyS29DajlpcUFqN1pxZ0o5MmFvQ2U5cXFBaDdicWdLYTNLb0NyZHlxQWtfZHFnSW8zcW9DTnQ2cUFsWGVxZ0o5M3FvQ29kNnFBc2JlcWdMbDNxb0NrLUtxQXRUaXFnSmo0Nm9DOXVPcUF2dmtxZ0tnNWFvQzR1V3FBZ2ZucWdKczZLb0MzdWlxQW83cXFnSzI2cW9DOC11cUFrYnNxZ0tVN0tvQ24teXFBa3Z0cWdKajdhb0NQTzZxQXJ6WXRnZjgxMzhJMFlZakNxM09aUTVadGZzU0ljWDdFZ2JKLXhKT3pmc1N6dEg3RXJ2Yy14TDU1ZnNTQk9yN0VrcnIteEo3Nl9zU3AtdjdFaUhzLXhLQTdQc1NpdXo3RW1idC14Snk3ZnNTNE8zN0VoRHcteEpBOFBzU2xtWmtFLWxiMEJPY3l4d1k5MVpyR2tnZnJCdUd2UDhqV3dDU0tkZk90UzRwSXZwQzlqLWZUQSZleGs9MTI5ODQ0NjgxOSZhd2JpZF9jPUFLQW1mLURVcmFvbjdaZk4zQ2pGaGZ1MWRyYjFEazktT2xxcGRKRFZPejhWbWJFeDU2NEtTZVZ1dDljc0JFNV9RZXhaM3BfTVBpRHpUaE1jZzFfaXdLRzl5ZzNYeC1kdDFpenM4MVFtREpoT1ZLQTdwTEpCd19QR09UMS1wVmh2MFJXU1dMbzlyUFFhWDBnU2tNQ3cyaFFBVzNzQThwLWhLUSZhd2JpZF9kPUFLQW1mLUFfcVZ1dC1YTXlka2N2LWFLMnU2enZHSF94Q1ZCSmlYam1WcGRybGwyWEJfQXJ5b1JtcUV0cVdBMUhkSzJYZlBOZ3NCbVN4VFU1OXF2ZlExWkNfMl9UejkzN1lmTXZSVVc3c2pPZWhlbFRpY283ZUV0azlpS0MwMFludlJhOXBFZmR0aWtndDdZaWFaa2NzVWJ2Mk5LbkdzbjRSR1NDeVo0ZHFkMnktdTlhU3dReGNlakI5RWo2SFlra3VkbmVIN3NJWWJ1S3FmSEpqSjVmX3l5TDJTNl9XNmNXdzB1U3VNNlF0ZjBRdUpUT2RQLTZocFpGbGUwOHE3SE1hWTVlRFhWTUs3dVpKQXpSTjh5WkNyWURZZVd0Z29MaHg3N1pxMVpVUkJCM055QkpKN1RnZ3JjTnhGa0xBcGdOdkNQaFRZLWhjQmZRNlhuZk1YWmRWWkZHT3RheDBPYlVMbWVXSGdlVzlYRFMxOEFZbHZXMDlRX1BIZjZPU1BTY295bmxWNnFZVUZMcnBscHh1QUVUR3NjWjJuLW1hOEE5ZGV2dmJDdXM0ZmZiUjI0V2kzRjBmY0xVWXhnWU9sTXlMTHNGeXJ1R3I4Nk5jMF90cHVTMDlZX0xRWnZvNWZqWlk2a0ZzSmJYLWVhb2NZN1pqNndzbUhnbzhsdnp0S09vUUgzMU4xR1NwZXNRSjgtRXM5RDZoRmdLREdBNldnNkd4bXhSUEIxUThYeVZ2bVAtb0NOcnJDazVnWndfZklUU2tkU0FnUVFFWUNuZUxBWFBJRGxxbV9Od191UERDS0Y1TXNUUU1lbkhSR1NXZFlfM1RsU2xtTFl2ejZuS3ZUWVJNVXJBWFl2Vy1jSlNlTTA2Q2JPdkVJWEx3SU5GX3hRXzhObkdjQnVRQ080UGZfNDdZakNydFVvJmNpZD1DQUFTQk9Sb2hiZyZhX2NpZD2AAwGIAwCQAwCYAxSgAwGqA-oBCr8BaHR0cHM6Ly9wYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbS9wYWdlYWQvZ2VuXzIwND9pZD1hd2JpZCZhd2JpZF9iPUFLQW1mLURCNnVtNmVSa1o1QmdYdURVSlNXR3NYLWFwZ0p5QS02OXQxOWJXOTV0Ui0wZ05iUlRzaF9CcEdvVkRQQTJUbE01SkZVRzlzMGtOZlI4M3NRMzZ5R1UyS1psaU5nJnByPTEwOiR7QVVDVElPTl9QUklDRX0aEzIxODcwNzQzODI1MzQxNDE0MjUiCDc4ODI3ODE1KgQzOTQxOgEwwAOsAsgDANgDAOADAOgDAPgDA4AEAJIECS9vcGVucnRiMpgEAKIEDjE4NS4yMzIuMjMuMTgwqASeAbIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANoEAggB4AQA8ASnossliAUBmAUAoAWVzaOL9sX4vDCqBSo0ODA1MjkwZi0yMjY5LTQ3MjAtYjMzMy04OWVjNzhiNmIxM2Z-ODgzfjHABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AWy1gH6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcMMTMyMzQ3MTk2ODQ5ugcPCAAQABgAIAAwADi_BkAAyAfq3gXSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwBwCKCAIQAA..&s=6dc008e505dadf01526375899aab1cd463386c06&pp=0.014678
Frame ID: 17A491B09B7C4ADD5429380D6707D63B
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js
Frame ID: 6FDDA12A83321C6D85309FB066EA7B42
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Frame ID: 4D30A4A9A31955C78ACB3F09C01B5683
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Frame ID: 5112D24620D2ADC9CA08C3A426D0537F
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10609010985198416840/728x90.html
Frame ID: 213A3F6CF0FC3B541A8FFA3D7689E6CE
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 2C8143CD82CECADC77DECCC458D0ED97
Requests: 2 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: DA688BCB388559873A439EF980392E96
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 779838A6C602352D592E45DA19D1E6F0
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: D19732FBE461635554C1BF80DD0349AA
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js
Frame ID: 5C2852A3AB0BDBC5004B5DA24E74DE60
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js
Frame ID: 3B6D0A6AFBD92D8355D63FD472108EF3
Requests: 1 HTTP requests in this frame

Frame: https://lax1-ib.adnxs-simple.com/if?an_audit=0&referrer=www.threatminer.org&e=wqT_3QK4KWy4FAAAAwDWAAUBCIaK6Y0GEPHLt6KDkoOtHhj_EQF4ASo2CW--Ed2zrpE_EVVd0fdkD44_GQAAAOCjcBlAIRESBCluDSTQMQAAAIA9Crc_MLKZ-Qg4sxlA5R5IZVCnosslWJzLhQFgAGidyZwBeOreBYABAYoBA1VTRJIFBvReAZgB2AWgAVqoAQGwAQC4AQLAAQXIAQLQAQDYAQDgAQDwAQCyAgEw2AKkQ-AC6vkl6gITd3d3LnRocmVhdG1pbmVyLm9yZ_ICDAoGSEVJR0hUEgI5MPICDAoFV0lEVEgSAzcyOPICIQoGTE9BREVSEhdyZW5kZXJfcG9zdF9hZHNfdjEuaHRtbPICGAoKSUZSQU1FX0tFWRIKMTI5ODQ0NjgxOfICog8KC1BSRV9TQ1JJUFRTEpIPPHNjcmlwdD4oZnVuY3Rpb24oKXsvKgoKIENvcHlyaWdodCBUaGUgQ2xvc3VyZSBMaWJyYXJ5IEF1dGhvcnMuCiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMAoqLwp2YXIgaD10aGlzfHxzZWxmOy8qCgogU1BEWC1MaWNlbnNlLUlkZW50aWZpZXI6IEFwYWNoZS0yLjAKKi8KZnVuYwGcYCBrKGIpe2tbIiAiXShiKTtyZXR1cm4gYn0JExA9ZnVuYwEo8FIoKXt9O3ZhciBtPVJlZ0V4cCgiXmh0dHBzPzovLyhcXHd8LSkrXFwuY2RuXFwuYW1wcHJvamVjdFxcLihuZXR8b3JnKShcXD98L3wkKSIpOwpmdQlZACABWwFZCGI9aAVhDGM9W10FCSBlPW51bGw7ZG8FHxhhPWI7dHJ5BQwsZDtpZihkPSEhYSYmASQcIT1hLmxvY2EBqSAuaHJlZiliOnsBLZBrKGEuZm9vKTtkPSEwO2JyZWFrIGJ9Y2F0Y2gobCl7fWQ9ITF9AX0IZz1kGRcAZwEWEGlmKGcpBW4AZj5eADg7ZT1hLmRvY3VtZW50JiYZDCgucmVmZXJyZXJ8fAGXJH1lbHNlIGY9ZSwNy0xjLnB1c2gobmV3IHAoZnx8IiIpKQXVJGI9YS5wYXJlbnQZhgBiBf_wQH19d2hpbGUoYiYmYSE9Yik7YT0wO2ZvcihiPWMubGVuZ3RoLTE7YTw9YjsrK2EpY1thXS5kZXB0aD1iLWE7YT1oISs5HgGuNSo4YW5jZXN0b3JPcmlnaW5zbhwADWsAPR11ACkJhgwxO2I8EYpMOysrYilmPWNbYl0sZi51cmx8fCgFCC5CATp2ABRbYi0KMV0hDBgsZi5oPSEwAeMpIgBoGash1RQsITEpO2YlFiUCBGU9MgQBIDA8PWU7LS1lKSG6RD1jW2VdLCFmJiZtLnRlc3QoZwGPICkmJihmPWcpLAUOKCYmIWcuaCl7YT1nSRsAfQ1dAGUV5gQmJgHMATsEOzBBZQBkIVoIJiZlBUgBGwgpO2MFrRBxKGEsZnU-FGMuZz9jLgVlDDpjLmkBQAB9cUk0IHEoYixjKXt0aGlzLmlB1QEJCGc9YxkiAHAdIgh1cmwRJBRoPSEhYzsFLwWIJQoEfTsVWQRyKEmwiGI9bigpLGM9Yi5pbmRleE9mKCI_Iik7c2V0VGltZW91dChmedVB_URlPXZvaWQgMD09PWU_LjAxOmVBNUQhKE1hdGgucmFuZG9tKCk-ZSkJXwRhPVH7DC5jdXJBtChTY3JpcHQ7YT0oYRlKBGE_YQOgOmEpJiYiNzciPT09YS5nZXRBdHRyaWJ1dGUoImRhdGEtamMiKT9hOmRtTkAucXVlcnlTZWxlY3RvcignWw0lAD0BRBhdJyk7ZT0ihXdYOi8vcGFnZWFkMi5nb29nbGVzeW5kaWOJAwhjb20NHpAvZ2VuXzIwND9pZD1qY2EmamM9NzcmdmVyc2lvbj0iKyhhJiZhVpgAAC0NJpAiKXx8InVua25vd24iKSsiJnNhbXBsZT0iK2U7YT13aW5kb3c7IUeNljBhLm5hdmlnYXRvcilkLg4AUC51c2VyQWdlbnQsZD0vQ2hyb21lL0meIGQpJiYhL0VkZxkRHD8hMDohMTtkYZYVUTAuc2VuZEJlYWNvbj8KHWkdGBQoZSk6KGEtFUBfaW1hZ2VfcmVxdWVzdHN8fF4aABA9W10pLAGuMdwELGQ5ywRkPxEWPDpkLGQ9ZC5jcmVhdGVFbGWhATwoImltZyIpLGQuc3JjPWUsWnwAifsYZCkpfX0sMHUqXDA8PWM_Yi5zdWJzdHJpbmcoMCxjKTpifSlXDC5yZmwuggbNnYBlbmNvZGVVUklDb21wb25lbnQocigpKX07fSkuY2FsbChhJBApOwo8L-2KaPICyQIKCkVYVFJBX1RBR1MSugI8ZGl2IHN0eSHJDHBvc2nBO2Q6IGFic29sdXRlOyBsZWZ0OiAwcHg7IHRvcA0KZHZpc2liaWxpdHk6IGhpZGRlbjsiPjxpbWcgAfvimQIUYXdiaWQmBQbwhl9iPUFLQW1mLUROSGtpbU16QUFRbm1Zd0tGVTFrMnZuZlhIbE1BaGJCUDY2WW5lUm1OeDNGQ0xhZFV5ZmhjMnNfVTk3NlpHWENtMTdMQnFCb3dUVkg1YlRydEtmZkU5bmJjYzV3IiBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0iIjEaqGRpc3BsYXk6bm9uZSI-PC9kaXY-8gKaAQoMUE9TVF9TQ1JJUFRTEokBPHOFBDYIAWmZUGFkcy5nLmRvdWJsZWNsaWNrLm5ldHGfPHhiZmVfYmFja2ZpbGwuanMBZS21DVMuRwkoIHtyM3B4KCcxMjkagAkcJyk7fSkoKTs96xCcDwoQSAGeNFBPUlRfUEFSQU1TEocPkTaKlQDwfWFkZmV0Y2g_YWRrPTQxNTIwNDgwMjEmYWRzYWZlPW1lZGl1bSZjbGllbnQ9Y2EtcHViLTMwNzY4OTAwMTI3NDE0NjcmZm9ybWF0PTcyOHg5MF9hcyZpcD0xODUuMjMyLjIzLjAmb3V0cHV0PWh0bWwmdW52aWV3ZWRfcG9zaUGKIF9zdGFydD0xJqH_AHdG1AoQJnN1Yl8NggBiQYnwfXItNDk4MjQyMiZobD1kZSZhY2VpZD1NRERVNWdENVZUUUJrbUEwQVM5ak5BR1NiVFFCc1c0MEFlVnVOQUduYnpRQndtODBBUlJ3TkFFZWNEUUJYbkEwQVl0d05BRzFjRFFCM1hBMEFRNXhOQUZVY1RRQlZYRTBBV1p4TkFGNAEQLGgzRTBBYUJ4TkFHagEQLHRYRTBBZEZ4TkFIUwUQ9FwIMnhCQVV0elFRRlRjMEVCdEIxY0FqaklYQUxXOW9nQ1FmZUlBckwzaUFKNVFLb0NKMEtxQWloQ3FnSnNXNm9DZm1LcUFtZG9xZ0o2YzZvQ19uaXFBdUo3cWdMdWhxb0NqWXFxQW9DYnFnS0JtNm9DZ3B1cUFoYW5xZ0tscDZvQ29xaXFBdDZycWdJc3JLb0NISzZxQWg2dXFnS1ZyNm9DZDdDcUFubXdxZ0tBc0tvQ2dyQ3FBb213cWdLaHM2b0N0clNxQXNlMXFnSlR1cW9DcjhDcUF1ekJxZ0xXektvQ0tNMnFBakxPcWdKTnpxb0N1ODZxQXM3VHFnSk4xYW9DU2RhcUFwUFhxZ0lzMktvQ2o5aXFBajdacWdKOTJhb0NlOXFxQWg3YnFnS2EzS29DcmR5cUFrX2RxZ0lvM3FvQ050NnFBbFhlcWdKOTNxb0NvZDZxQXNiZXFnTGwzcW9Day1LcUF0VGlxZ0pqNDZvQzl1T3FBdnZrcWdLZzVhb0M0dVdxQWdmbnFnSnM2S29DM3VpcUFvN3FxZ0syNnFvQzgtdXFBa2JzcWdLVTdLb0NuLXlxQWt2dHFnSmo3YW9DUE82cUFyell0Z2Y4MTM4STBZWWpDcTNPWlE1WnRmc1NJY1g3RWdiSi14Sk96ZnNTenRIN0VydmMteEw1NWZzU0JPcjdFa3JyLXhKNzZfc1NwLXY3RWlIcy14S0E3UHNTaXV6N0VtYnQteEp5N2ZzUzRPMzdFaER3LXhKQThQc1NsbVprRS1sYjBCT2N5eHdZOTFackdrZ2ZyQnVHdlA4ald3Q1NLZGZPdFM0cEl2cEM5ai1mVEEmZXhrPTEyOTg0NDY4MTkmYXdiaWRfYz1BS0FtZi1EVXJhb243WmZOM0NqRmhmdTFkcmIxRGs5LU9scXBkSkRWT3o4Vm1iRXg1NjRLU2VWdXQ5Y3NCRTVfUWV4WjNwX01QaUR6VGhNY2cxX2l3S0c5eWczWHgtZHQxaXpzODFRbURKaE9WS0E3cExKQndfUEdPVDEtcFZodjBSV1NXTG85clBRYVgwZ1NrTUN3MmhRQVczc0E4cC1oS1EmYXdiaWRfZD1BS0FtZi1BX3FWdXQtWE15ZGtjdi1hSzJ1Nnp2R0hfeENWQkppWGptVnBkcmxsMlhCX0FyeW9SbXFFdHFXQTFIZEsyWGZQTmdzQm1TeFRVNTlxdmZRMVpDXzJfVHo5MzdZZk12UlVXN3NqT2VoZWxUaWNvN2VFdGs5aUtDMDBZbnZSYTlwRWZkdGlrZ3Q3WWlhWmtjc1VidjJOS25Hc240UkdTQ3laNGRxZDJ5LXU5YVN3UXhjZWpCOUVqNkhZa2t1ZG5lSDdzSVlidUtxZkhKako1Zl95eUwyUzZfVzZjV3cwdVN1TTZRdGYwUXVKVE9kUC02aHBaRmxlMDhxN0hNYVk1ZURYVk1LN3VaSkF6Uk44eVpDcllEWWVXdGdvTGh4NzdacTFaVVJCQjNOeUJKSjdUZ2dyY054RmtMQXBnTnZDUGhUWS1oY0JmUTZYbmZNWFpkVlpGR090YXgwT2JVTG1lV0hnZVc5WERTMThBWWx2VzA5UV9QSGY2T1NQU2NveW5sVjZxWVVGTHJwbHB4dUFFVEdzY1oybi1tYThBOWRldnZiQ3VzNGZmYlIyNFdpM0YwZmNMVVl4Z1lPbE15TExzRnlydUdyODZOYzBfdHB1UzA5WV9MUVp2bzVmalpZNmtGc0piWC1lYW9jWTdaajZ3c21IZ284bHZ6dEtPb1FIMzFOMUdTcGVzUUo4LUVzOUQ2aEZnS0RHQTZXZzZHeG14UlBCMVE4WHlWdm1QLW9DTnJyQ2s1Z1p3X2ZJVFNrZFNBZ1FRRVlDbmVMQVhQSURscW1fTndfdVBEQ0tGNU1zVFFNZW5IUkdTV2RZXzNUbFNsbUxZdno2bkt2VFlSTVVyQVhZdlctY0pTZU0wNkNiT3ZFSVhMd0lORl94UV84Tm5HY0J1UUNPNFBmXzQ3WWpDcnRVbyZjaWQ9Q0FBU0JPUm9oYmcmYV9jaWQ9gAMBiAMAkAMAmAMUoAMBqgPqAQq_AWh0dHBzOi8vcGFnZWFkMi5nb29nbGVzeW5kaWNhdGlvbi5jb20vcGFnZWFkL2dlbl8yMDQ_aWQ9YXdiaWQmYXdiaWRfYj1BS0FtZi1EQjZ1bTZlUmtaNUJnWHVEVUpTV0dzWC1hcGdKeUEtNjl0MTliVzk1dFItMGdOYlJUc2hfQnBHb1ZEUEEyVGxNNUpGVUc5czBrTmZSODNzUTM2eUdVMktabGlOZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMyMTg3MDc0MzgyNTM0MTQxNDI1Igg3ODgyNzgxNSoEMzk0MToBMMADrALIAwDYAwDgAwDoAwD4AwOABACSBAkvb3BlbnJ0YjKYBACiBA4xODUuMjMyLjIzLjE4MKgEngGyBAwIABAAGAAgADAAOAK4BADABADIBADaBAIIAeAEAPAEp6LLJYgFAZgFAKAFlc2ji_bF-LwwqgUqNDgwNTI5MGYtMjI2OS00NzIwLWIzMzMtODllYzc4YjZiMTNmfjg4M34xwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFstYB-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBu6PAdoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEzMjM0NzE5Njg0OboHDwgAEAAYACAAMAA4vwZAAMgH6t4F0gcNCQAAAAAAAAAAEAAYANoHBggAEAAYAOAHAOoHAggA8AcAiggCEAA.&s=c9478ef3dc3cc589a6370900713131bd6526c7f9
Frame ID: 9B85A7FB4FFEC5290EDD01864143B6FB
Requests: 8 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: 8F30C420E702435F47725F3C69DC5C12
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Frame ID: 833931D4E7EE5AFA1B15833ED3E3B0DF
Requests: 12 HTTP requests in this frame

Frame: https://resources.infolinks.com/static/container-1.0.html
Frame ID: 24B2D70F7415FCDC58D4DD4AAAF91603
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js
Frame ID: FCD64BDB5AA6B23296C8640EEC3BDC5D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: FD7090BA6431CDB05B512BB49E4F8797
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3840FEF5F84642649250F6DAF9286B59
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

f326e2b2eb1f84179c8d81fb31d22ea7 Malware Analysis Results | ThreatMiner.orgsearchsearch

Page Statistics

370
Requests

95 %
HTTPS

39 %
IPv6

47
Domains

78
Subdomains

57
IPs

6
Countries

5724 kB
Transfer

13720 kB
Size

53
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/@threatminer
Title: Blog

Search URL Search Domain Scan URL

URL: http://github.com/threatminer
Title: ThreatMiner Github Github.com/threatminer

Search URL Search Domain Scan URL

URL: https://uk.linkedin.com/in/michaelyiphw
Title: Find Mike on LinkedIn Linkedin.com/michaelyiphw

Search URL Search Domain Scan URL

URL: https://www.google.com/search?client=ms-google-coop&q=f326e2b2eb1f84179c8d81fb31d22ea7&cx=009665096751685288782:o6_z_tmwsge
Title: searchSearch for f326e2b2eb1f84179c8d81fb31d22ea7 on Google

Search URL Search Domain Scan URL

URL: https://cse.google.com/?ref=b&hl=en

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/file/7cf8afabcb10a4bba9e9f34e90b6bc1ea3e2c5bf4948b88f66d7c81dcb8ce277/analysis/
Title: VirusTotal

Search URL Search Domain Scan URL

URL: https://www.hybrid-analysis.com/sample/7cf8afabcb10a4bba9e9f34e90b6bc1ea3e2c5bf4948b88f66d7c81dcb8ce277
Title: Hybrid-Analysis

Search URL Search Domain Scan URL

URL: https://virusshare.com/
Title: VirusShare

Search URL Search Domain Scan URL

URL: http://creativecommons.org/licenses/by/4.0/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25

https://i.creativecommons.org/l/by/4.0/80x15.png HTTP 301
https://licensebuttons.net/l/by/4.0/80x15.png

Request Chain 79

https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1

Request Chain 81

https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MzUwQjFBNDgtNDQxNC00Nzc0LThENTktQzhCMTUwQjE3OTQw&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MzUwQjFBNDgtNDQxNC00Nzc0LThENTktQzhCMTUwQjE3OTQw&gdpr=0&gdpr_consent=&google_tc= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?p=156872&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fpbm-usync%3Fuid%3D350B1A48-4414-4774-8D59-C8B150B17940 HTTP 302
https://router.infolinks.com/dyn/pbm-usync?uid=350B1A48-4414-4774-8D59-C8B150B17940

Request Chain 82

https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID HTTP 302
https://router.infolinks.com/dyn/apn-usync?user_id=2413019295569767372

Request Chain 84

https://ups.analytics.yahoo.com/ups/58422/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58422/occ?verify=true HTTP 302
https://router.infolinks.com/dyn/VR-usync?uid=y-oGTjEylE2uGNgfncCN6HPnmoyat.0yaYWfFmqt0-~A

Request Chain 85

https://sync.1rx.io/usersync2/infolinks HTTP 302
https://router.infolinks.com/dyn/r1-usync?uid=OPTOUT

Request Chain 86

https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__ HTTP 302
https://router.infolinks.com/dyn/zmn-usync?uid=

Request Chain 88

https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fwww.threatminer.org%252Fsample.php%253Fq%253Df326e2b2eb1f84179c8d81fb31d22ea7&pid=12306&adnxs_uid=$UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fwww.threatminer.org%25252Fsample.php%25253Fq%25253Df326e2b2eb1f84179c8d81fb31d22ea7%26pid%3D12306%26adnxs_uid%3D%24UID HTTP 302
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&pid=12306&adnxs_uid=2775319518693246399

Request Chain 90

https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP10c1a996-5ddf-11ec-b000-06281abbc740 HTTP 302
https://router.infolinks.com/dyn/outh-usync?uid=y-ihqGBP1E2uHmmQf0bwyBBtb_jpsz8XQi~A~UP10c1a996-5ddf-11ec-b000-06281abbc740

Request Chain 92

https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID&sovrn_retry=true HTTP 307
https://router.infolinks.com/dyn/sovrn-usync?uid=ecc012d606eaa40321784a67

Request Chain 93

https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fusersync%253Fpmuservalue%253D%2523PMUID HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fusersync%253Fpmuservalue%253D%2523PMUID&rdf=1 HTTP 302
https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3D350B1A48-4414-4774-8D59-C8B150B17940 HTTP 302
https://router.infolinks.com/dyn/usersync?pmuservalue=350B1A48-4414-4774-8D59-C8B150B17940

Request Chain 94

https://p.rfihub.com/cm?pub=43153&in=1 HTTP 302
https://router.infolinks.com/dyn/zeta-usync?uid=5107433822069554098

Request Chain 104

https://sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&ns__t=1639597318225&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1639597318225&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&c9=

Request Chain 115

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YbpFBnjRA1f5aOYiU_nSZQAABH0AAAAB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEDqCsp4CoCzYExRHEqdCYD8&google_cver=1

Request Chain 116

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbpFBnjRA1f5aOYiU_nSZQAABH0AAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbpFBnjRA1f5aOYiU_nSZQAABH0AAAAB&dcc=t

Request Chain 117

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YbpFBnjRA1f5aOYiU-nSZQAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEESecXhdeVmr1yXKtY3fzG8&google_cver=1&gdpr=1

Request Chain 118

https://ad.turn.com/r/cs?pid=21&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3623615811744744614

Request Chain 121

https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID) HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ6928837181518736253&uid=Q6928837181518736253&ref=%2Feucm%2Fp%2Fcc HTTP 302
https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 204

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 250

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 319

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 327

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 330

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 334

https://syndication.twitter.com/i/jot HTTP 302
https://platform.twitter.com/jot.html

Request Chain 363

https://pixel.tapad.com/idsync/ex/receive?partner_device_id=ba6abd92-8f3a-42cf-9215-dcbc3f26aaf5=&partner_id=3337 HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_device_id=ba6abd92-8f3a-42cf-9215-dcbc3f26aaf5=&partner_id=3337

370 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request sample.php Show response
www.threatminer.org/ 34 KB
8 KB 131ms
73ms Document
text/html 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 123e48d83601dbe7d038ad48a45e6fa1a6be410246d0e8a6e18786850128b3ad

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ecPZLlmcuWEW%2Bq3Hr4G8VGyNXEXXCHoF8WxXzE85ADo7%2Fw%2BBK8uMIXcFrYsQB%2FfsTa5S5w2wQHHQltrF5OCOqWLj7sk9gUExR0oVqyaTldD7%2F8rmPV2Xnw%2BL6mtKFnjCl5l%2BS6u54l5EuuQM8WutdS0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6be227011dde0f86-MXP
content-encoding: br

GET
H2 200 bootstrap.min.css
www.threatminer.org/bower_components/bootstrap/dist/css/ 115 KB
20 KB 66ms
66ms Stylesheet
text/css 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/bootstrap/dist/css/bootstrap.min.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
server: cloudflare
etag: W/"1ca39-51434f58bfb80-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e5Jls1A%2FS3bXkxMhUar%2FiPoVmKccPO2ijWulu2L1l9L1QSBUYBZiK6vL%2FU8NtYVqZGwSKPzqdxtQy7IVpwx6quwomdLVgGnv5Xha8AD1mASs5lPdwfWEd0RTYiS6shX0nWglNJpVqJ3SMoFZG4IIT%2B0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6be22701af250f86-MXP

GET
H2 200 metisMenu.min.css
www.threatminer.org/bower_components/metisMenu/dist/ 781 B
699 B 53ms
52ms Stylesheet
text/css 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/metisMenu/dist/metisMenu.min.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0dc574fb2b266dba913861d60b0c69d1e41f0fd095a3341a45f26401cd8b6b3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
server: cloudflare
etag: W/"30d-51434f58bfb80-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9NcHO%2B%2BPx493FXCckxzvyXjQgB%2B5xUv0AsBUSQxOi11bNQeBjawEGj4n8I5q1zjwcAdxa8fc9PWGQv4mpYHA5kLTLKw6JGj2mzYpdg2FqAkvLh3Sq81EnNd4iLMGCzbRjPckc2e9oMZGVjhnjYHJo4s%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6be22701af270f86-MXP

GET
H2 200 dataTables.bootstrap.css
www.threatminer.org/bower_components/datatables-plugins/integration/bootstrap/3/ 7 KB
2 KB 69ms
68ms Stylesheet
text/css 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/integration/bootstrap/3/dataTables.bootstrap.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f2fcf631c05c66ac82cfd9bcaf8c91c3b6fd55dad4c36271caed837482d4b2bb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
server: cloudflare
etag: W/"1dc0-51434f58bfb80-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ghHG%2Fzxqg%2FeOldN8qOEVGVmO7KkCk5wPv%2F%2FlDr3lUTb2aLdYHin9gupwEHtPLXYpYjv4%2Fi3Jt2MDPaPPpEQOomOwjlGNEQJxnzqF0ueuNxkXpI0Pxh71kHDziUYHHnscCxAqxuqkkdI4eHHzzVLeyrw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6be22701bf2b0f86-MXP

GET
H2 200 dataTables.responsive.css
www.threatminer.org/bower_components/datatables-responsive/css/ 3 KB
900 B 56ms
55ms Stylesheet
text/css 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-responsive/css/dataTables.responsive.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c692f0d15d92d902c12d745947ba1f892a76bbf3f74c6f3a9f590afd0653ee04

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
server: cloudflare
etag: W/"beb-51434f58bfb80-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B%2B3Q5i0tauZIwAhc6y3bpqsu37n01i%2BBLGfMe%2B0I%2BbaGzjdNNuW8RaTm1qlKN%2BEmolZ5V%2FZBE5xJW0ZLvUtmTYmVrE6eMZHtsAD9Mwv%2BbhQFr5uFPHHKo5KRZO38Dv2tucz6K%2FreagEa7%2FB2jcBdl8Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
cf-polished: origSize=3051
cf-ray: 6be22701bf2f0f86-MXP
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-bgj: minify

GET
H2 200 buttons.dataTables.min.css
www.threatminer.org/bower_components/datatables-plugins/buttons/media/css/ 8 KB
2 KB 64ms
63ms Stylesheet
text/css 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/buttons/media/css/buttons.dataTables.min.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7d55fb721c0a1bb591d30b6e06f7781fbd13ab200a8aef0fa8df62e455bc0b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 13:08:48 GMT
server: cloudflare
etag: W/"1f58-54e761fab9800-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nwqziilUj8%2FkHT5FFTYy5HgkOqocdlH%2Bbmg8uST2D5vHkNKywBjI3hsbtmkWINUm6tx7xMx8L13O9AJYcj5GGmfqfDwOuZJ%2F5JkJJvwmko6%2FItpkSJ9u0uh6198S4jprKv6EcMzdnITDRccRor5%2BakE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6be22701bf310f86-MXP

GET
H2 200 buttons.bootstrap.min.css
www.threatminer.org/bower_components/datatables-plugins/buttons/media/css/ 2 KB
752 B 56ms
56ms Stylesheet
text/css 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/buttons/media/css/buttons.bootstrap.min.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9926a0d226b45faff8db829a1c445f33efa6522e213fafed1000365d5abf73df

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 13:02:52 GMT
server: cloudflare
etag: W/"626-54e760a737700-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0F8jTxlyyt6iYee%2FPE4GOTg5ksjODWbO0OqIxyIArisFHPrQuhGG%2FIXWTT5BeJFNgSufAn%2F7WfnP%2B%2Fip7Rf1cA9Bfm6viLNgDQutowvu%2B2JzTGOVgcWmH0cDfsdbgb%2F%2FC2IpP4HkTIz6Xyiq1CmCbDA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6be22701bf330f86-MXP

GET
H2 200 sb-admin-2.css
www.threatminer.org/dist/css/ 6 KB
2 KB 64ms
63ms Stylesheet
text/css 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/dist/css/sb-admin-2.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 15af21e2984025e0542521d6b6ad54a846b8fe403d1f0c33c2ce9681a96ff22b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 02 Jan 2021 17:59:17 GMT
server: cloudflare
etag: W/"1606-5b7ee9d93cc8e-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pkW4UCSY7SBCqAFk4lX3zDSV3eC2mJDtQ%2FBgkCKHSl7OqG7sMYpoF3q7z8TFNAZvMwLeJoSCFw6rAoJl8GOMjcdKQw5Ua3vl1ZP7fN%2FRTEbAPUN8P41wFdg4V79j%2BQ4Rsq%2BU9hiAH4JE0I4BaehtT6I%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6be22701bf340f86-MXP

GET
H2 200 font-awesome.min.css
www.threatminer.org/bower_components/font-awesome/css/ 21 KB
5 KB 71ms
71ms Stylesheet
text/css 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/font-awesome/css/font-awesome.min.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
server: cloudflare
etag: W/"55e0-51434f58bfb80-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b%2BQyBi0feD%2FtKsujlYsj5KwHZqsaS6vLA1JT%2F%2BYAvzKQpOJIujrlAv3Dql%2BctIYhgIMu8vIL1HHz0hIoFZD6oAguWVmxUL7wKiHYTrZ2JS%2BIdTLbM7gPzFKrwmvH1AANPDEHBWxCIQ2xHrU8J51HQ1Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6be22701bf370f86-MXP

GET
H2 200 social-share-kit.css
www.threatminer.org/dist/css/ 12 KB
3 KB 58ms
58ms Stylesheet
text/css 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/dist/css/social-share-kit.css
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60adb5d029ec8a5d4613d7d57ff8a799c43caae1d1d1c2e5c230d65850fd5273

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 16 Dec 2016 10:13:34 GMT
server: cloudflare
etag: W/"2ff1-543c3d291af80-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4G5WezniOMFlkIHRkQlEoxPkGk1VyBLc8on2PT3NHRRnS8Z1H%2Bj22qU3X%2FQd7uqhEAuKBm9RSBjgcwRdZbeXhepcC0JnzQvJsz1NGVoTM6vaPqQTPxMCAIqAUwWn1bUZvGcsGUBCt1RcpXrDbjZS3a4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=86400
cf-polished: origSize=12273
cf-ray: 6be22701bf380f86-MXP
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-bgj: minify

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
51 KB 96ms
57ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f59489d853c5e17830f83124ae713209564b870cc655706f91f66002e253808f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51875
x-xss-protection: 0
server: cafe
etag: 10555365708456232589
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 15 Dec 2021 19:41:57 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 153ms
37ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mil/6CE9) /
Resource Hash: 97719c71e44494e537beba8d51c6bb268a34dcd867fdefc431229225ca734b46

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:41:57 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Dec 2021 21:35:27 GMT
Server: ECS (mil/6CE9)
Age: 1017
Etag: "50ec7e701ed018305368886c39cac301+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 29126

GET
H2 200 ajax-loader.gif
www.threatminer.org/images/ 3 KB
3 KB 69ms
68ms Image
image/gif 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.threatminer.org/images/ajax-loader.gif
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 934abde684325043e16edeffd73752cd5f0ab00b5723d8e47a618ce3f16a3799

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=2608
content-length: 2599
last-modified: Sat, 17 Oct 2015 00:26:24 GMT
server: cloudflare
etag: "a30-52241f64ccc00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3eex7VKMDG%2BzRPFUbHWoHyxj7NyJgKHOfnnB3CV%2B84iASq3dOYpCokvtHIVjcEM0vETHp9MxDAKCKiQqVL0CEw8adPu3jvnz6%2BcbbvMymKZYhprRQD6E7oI%2B45Fo2J46lcGtHUbAEa%2B2mvECmct4lRo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=86400
accept-ranges: bytes
cf-ray: 6be22702283d0f86-MXP
cf-bgj: imgq:100,h2pri

GET
H2 200 jquery-1.12.4.min.js Show response
www.threatminer.org/bower_components/jquery/dist/ 95 KB
34 KB 61ms
61ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/jquery/dist/jquery-1.12.4.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 12:15:38 GMT
server: cloudflare
etag: W/"17b8b-54e7561880e80-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5c84rszcY6h%2B1e2F0G9smdXAtEYPWYWI2FaaYf2DpV7dnzsOlL248bBVrxth9XnX0YR%2B7xgdTetdmodz7i4CC07yvHxGwxMD%2BiALDHsVw6GapDfl666yjjruMKrdffciRXIGi2WriGzJwTgasJ2NXYI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6be2270228130f86-MXP

GET
H2 200 bootstrap.min.js Show response
www.threatminer.org/bower_components/bootstrap/dist/js/ 35 KB
10 KB 56ms
56ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/bootstrap/dist/js/bootstrap.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
server: cloudflare
etag: W/"8c6f-51434f58bfb80-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bT64qcncSULPRevh%2Bypdrz%2BbE0fzIs0qcK%2BkiGUPTzTvHiKRmX8aZzZFbLDnYlNbrApH0q6FZZ04nTVmM3VY%2BOyAY3nlpZybNnnHM%2BKCu019svCcx5n7FnUFvE%2FRlrkrsr2npuBXVJena4%2FCrxhfuNA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6be2270228170f86-MXP

GET
H2 200 metisMenu.min.js Show response
www.threatminer.org/bower_components/metisMenu/dist/ 2 KB
1 KB 66ms
65ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/metisMenu/dist/metisMenu.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ab0a74bbd399efdf7c9c9bffb689f0a755fc7131d5af04c8393d45f5163a69b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
server: cloudflare
etag: W/"757-51434f58bfb80-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4whLEKMRBkNZsDW4kCnY8%2ByEUkhH5beRyvopcgKHL2vhLiZ8ptyJMSFi63QJ9RRUaZ7As860MeQrRIddlS5JGAfLZ%2BDLoEMSCujom1l%2BBksNzr%2F2MJjcVHEJ7v01ohVtl5JQL4KGG1EK9LIyESVlIjc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6be2270228210f86-MXP

GET
H2 200 jquery.dataTables.min.js Show response
www.threatminer.org/bower_components/datatables/media/js/ 81 KB
29 KB 92ms
90ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables/media/js/jquery.dataTables.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f4d3b47b47a8a31163dad5d7fb15e27a0056d07b0c34c6089fd9225664e847c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 12:24:55 GMT
server: cloudflare
etag: W/"14544-54e7582bb33c0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Z1pPbpY04NI885k9SEQ4FdUW7vmGYB6RCMJq3xbSoYEYbBZvJRbsrS6s6pfrNYVKEARhYymcMBsxi1LnU9Fr3tCJbQbD71ID7G7o34kGUKOottK4gKmM3poo%2FVAzWTGYWwWhBTk7cIsCYyz6NqQu%2Bo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6be2270228240f86-MXP

GET
H2 200 dataTables.bootstrap.min.js Show response
www.threatminer.org/bower_components/datatables-plugins/integration/bootstrap/3/ 2 KB
1 KB 52ms
50ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/integration/bootstrap/3/dataTables.bootstrap.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a905062b971bfb70ba70dda1a454d9cb7f7389be7ff515f6eb9009c8e697a34b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
server: cloudflare
etag: W/"796-51434f58bfb80-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qG5vZ7CKA6k2NB7oZ5nxjkA2RRnMhG54kmbGVtuc%2FzqBhGvZopThgsgT9rdKRFpYL9jrrfBm4LnQTxcJl9kSAm9x4Z77oddAeEE8uv8CAGLQMdXy8HQepEX1tlOlfu00UAHa6qTyP3Nj3EilJo%2FiAuU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6be2270228260f86-MXP

GET
H2 200 dataTables.buttons.min.js Show response
www.threatminer.org/bower_components/datatables-plugins/buttons/media/js/ 16 KB
6 KB 57ms
55ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/buttons/media/js/dataTables.buttons.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8aeaf60f6f34ced8ed9c83b249bdfc8544cc8f318294074898e6ced1d04e678c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 12:34:43 GMT
server: cloudflare
etag: W/"4088-54e75a5c75ec0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x6qEtG%2FKkYtYzYTU%2B%2FUCBRUPPgJW3mYbKD%2FaLSi32jf5FOBleIvpJkRwkUeLg1%2FACzXclm9MBAyDiX3ye8k13D67JYJLv457yTN%2BFK5JKiLemB04RrBxzvkKUizzs2DCRWKBMq2I%2BedlUnxUULcDcqI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6be2270228290f86-MXP

GET
H2 200 pdfmake.min.js Show response
www.threatminer.org/bower_components/datatables-plugins/pdfmake/media/js/ 1 MB
391 KB 75ms
72ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/pdfmake/media/js/pdfmake.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf919e6fbfbf62a4f8cfaab4cf5c5f80e7c10be2bc9f7e4c70142175c0b49b4f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 11:37:06 GMT
server: cloudflare
etag: W/"106721-54e74d7b9bc80-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PsIYh0HaCZFSeqmg0KXomDgeVv8OsRux07U8UpgXK3MR5yfNdzM4qJdd3edg%2FSUgAacHUTlJVmrP4IGPiT5%2BMOP26WY7SiOhckxRODSn4ij7YFRdJuH96MNz1Z5JFahzEDEAt9DiuP%2BAu9zOZgnFn3g%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6be22702282a0f86-MXP

GET
H2 200 jszip.min.js Show response
www.threatminer.org/bower_components/datatables-plugins/jszip/media/js/ 100 KB
31 KB 75ms
73ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/jszip/media/js/jszip.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45b3ffadbc785de6091fa798527891eb7264e4d115e3c1a37acb60e3d70d4966

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 11:36:59 GMT
server: cloudflare
etag: W/"18e33-54e74d74eecc0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F5l26jFVU9yzZlZTS%2F6JhWST3Go%2FJUFQUreVNCpV9kMWYhpoqoUgRbio5B9TP5xybUciwvscP%2B5x7dXI1qCW8Sr%2BKuOUOAFhk0KHvG1rkt58qMKVxbyXSAlYeQXIISxtuBK95ClwbFqc3wWv2GWXjyg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6be22702282b0f86-MXP

GET
H2 200 vfs_fonts.js Show response
www.threatminer.org/bower_components/datatables-plugins/vfs_fonts/media/js/ 933 KB
454 KB 67ms
65ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/vfs_fonts/media/js/vfs_fonts.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecee1d502f45731162f99f4d6aa07c0315a26a8382c1b1bc3c9958ab3ff04000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 11:37:11 GMT
server: cloudflare
etag: W/"e94d3-54e74d80607c0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=To%2B0BzxgifyDcUX%2Bg3gSs%2FNSRpNfTHsTdBgRFpPE8pG0JwCQhUNKPZ2QWGwmwY%2F%2Bd%2BXtb2q2BOlVAQEuj6nGYLsXSlwaigRv4nTs31aXzxoaxwSuyu1cZn%2BmMrOuZ%2B4PtSo5hUxqU3iWxy3%2B%2FYfz55I%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-polished: origSize=955603
cf-ray: 6be22702282d0f86-MXP
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-bgj: minify

GET
H2 200 buttons.html5.min.js Show response
www.threatminer.org/bower_components/datatables-plugins/buttons/media/js/ 23 KB
6 KB 67ms
64ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/datatables-plugins/buttons/media/js/buttons.html5.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 07a081c6a38ab09a0163aecaaf77713ffae6e09d06ba1a112efef22e01857ddc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 01 May 2017 11:37:16 GMT
server: cloudflare
etag: W/"5b7a-54e74d8525300-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xxL0KpXyBhygz8VP0Me9o4sjrPEv3aWLGLTC0XE%2FINKS7QZDawtHjfcAWWypJm0WdL%2FIvTyIH2E3RSOBoreD2%2F2i7sQjH4pVmfQDOwbal7jgeuXt%2Bh%2Br1wgvd1YhXkJTujzeFYTFy0KQ8py3WzUPUjs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6be2270228360f86-MXP

GET
H2 200 sb-admin-2.js Show response
www.threatminer.org/dist/js/ 756 B
876 B 85ms
83ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/dist/js/sb-admin-2.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed99491fe47b5733d1ad2fbf90f5d9066d049a530d1b92ebe47be5e0c527a32e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 25 May 2019 17:16:01 GMT
server: cloudflare
etag: W/"49d-589b97821f640-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kSaKXklE%2BXvZmudSYPUzzXO%2F0qurcwff6QOvm0QTFzPmdyjJs7m%2FxkO450Q3ZnZyb3a6m5iZescdyQ7gFgA6X3dbE815rE4Fkmq%2BN%2Bj3XbcCUFCBejd21yZ4WvHKz6Gkh5ICBmaq4Ir9JuanwerfsI4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-polished: origSize=1181
cf-ray: 6be2270228380f86-MXP
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-bgj: minify

GET
H2 200 tm_utility.js Show response
www.threatminer.org/dist/js/ 8 KB
2 KB 65ms
64ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/dist/js/tm_utility.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e725928ffb665a91ca8a3631e3002edba9b0f9ec66b40a59d53db0f44827e34e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 22 Nov 2021 16:06:03 GMT
server: cloudflare
etag: W/"2901-5d162cd378793-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g3aLMUqfc%2Fgrb0b6u%2FVeDQ8Ek7PpLRLOMjJT62SpHBydkQjTjx0Phr11SPCPIIOxUlVQ9zPfogoqrRUj4%2Fiv1V7YGv67QGjOVTKPAwjWHJAKrVtblHENC12RkJkM2CBBbmSysdiREw74BgvkHHYITUw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-polished: origSize=10497
cf-ray: 6be2270228390f86-MXP
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-bgj: minify

GET
H2 200 social-share-kit.min.js Show response
www.threatminer.org/dist/js/ 6 KB
3 KB 66ms
64ms Script
application/javascript 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/dist/js/social-share-kit.min.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac74cddb007ace18442f5111c4c23125de6031dca42bcead5ea5bfb12d2ca332

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 09 Mar 2019 16:07:52 GMT
server: cloudflare
etag: W/"179c-583ab8aa0e600-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AXIJ1KXt5FiUtIxc7A9t0AHMr1Sfo2TdLPAgsqI2E5FIsGZ7fYV%2BNVKu%2FjByVy8a%2Fvj0MMEYAUSddFbIXfj1c0PGo%2BWFwF7%2Br9mJqHJFY5iKkWs6Y4Kd5eQji2pBr4RrjHXnarIoruyb0wNNJ%2B1c75M%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6be22702283c0f86-MXP

GET
H2

200

80x15.png
licensebuttons.net/l/by/4.0/
Redirect Chain

https://i.creativecommons.org/l/by/4.0/80x15.png
https://licensebuttons.net/l/by/4.0/80x15.png

430 B
1 KB

77ms
29ms

Image
image/png

2606:4700:20::681a:5d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://licensebuttons.net/l/by/4.0/80x15.png

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Server

2606:4700:20::681a:5d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f43d4d35e7ac1e815dc0c8897806e30d928ee62e1aa6ac20f49c649f8b694004

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5524
cf-polished: origSize=640
vary: Accept-Encoding
content-length: 430
x-xss-protection: 1; mode=block
last-modified: Thu, 30 Apr 2020 21:59:13 GMT
server: cloudflare
x-frame-options: deny
etag: "5eab4a31-280"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XydBnk%2Fg0Gcu%2BfatN08SJroayzptLfRqj%2F%2BXizRqAkCCKackDPB1oNL2U3P%2FvuFSxc%2BER24LB9Y5EYw5D4HNdIsvRqkF9EX0oCFShltFrxcLTcX60FwyyPj6ioiTal8OS6TVdpxADBJTt8FYEgfqXw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 6be227032d720f4e-MXP
cf-bgj: imgq:100,h2pri

Redirect headers

date: Wed, 15 Dec 2021 19:41:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
server: cloudflare
age: 489
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: deny
content-type: text/html
location: https://licensebuttons.net/l/by/4.0/80x15.png
cache-control: max-age=432000
strict-transport-security: max-age=15768000
cf-ray: 6be227029b9a59d1-MXP
vary: Accept-Encoding
x-xss-protection: 1; mode=block

GET
H2 200 infolinks_main.js Show response
resources.infolinks.com/js/ 3 KB
2 KB 108ms
38ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/infolinks_main.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9cff0359137fc419fd2612e9e813c2f61cc9dd1b915d0c7bb650e8f0ff9e5710

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6be22702a9cd54e1-MAN
date: Wed, 15 Dec 2021 19:41:57 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Wed, 15 Dec 2021 14:45:02 GMT
server: cloudflare
age: 3401
etag: W/"d66-5d33059cfc081"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
content-encoding: gzip
expires: Wed, 15 Dec 2021 19:45:16 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 33ms
7ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 423
date: Wed, 15 Dec 2021 19:34:54 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 15 Dec 2021 21:34:54 GMT

GET
H2 200 fontawesome-webfont.woff
www.threatminer.org/bower_components/font-awesome/fonts/ 64 KB
64 KB 81ms
81ms Font
application/font-woff 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/bower_components/font-awesome/fonts/fontawesome-webfont.woff?v=4.2.0
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/bower_components/font-awesome/css/font-awesome.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

Request headers

Referer: https://www.threatminer.org/bower_components/font-awesome/css/font-awesome.min.css
Origin: https://www.threatminer.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Apr 2015 05:02:54 GMT
server: cloudflare
etag: W/"ffac-51434f58bfb80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hYcfBg2UQHPnVnyYkdqnszc8d6B%2B1oeceBOEP2fugdq5jBG11WGNR6uM7h4uhJxTHPmZmS30iQp2STvr0%2BxFZYTlmqwQZcfnLtcHEEEid%2Bj7ey1RRXb%2BMypM%2FekNOtTmpjdfaBEoXtW2LRvh8nqalZg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6be2270238410f86-MXP

GET
H/1.1 200
OK embed.js Show response
threatminer.disqus.com/ 74 KB
25 KB 202ms
163ms Script
application/javascript 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://threatminer.disqus.com/embed.js

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

88d58bb46e06562cfca08164528f2cb5fe2787e6128999357d8945a73dfff419

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:41:57 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 24639
Cross-Origin-Resource-Policy: cross-origin

GET
H2 200 social-share-kit.woff
www.threatminer.org/dist/fonts/ 7 KB
7 KB 76ms
76ms Font
application/font-woff 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/dist/fonts/social-share-kit.woff
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/dist/css/social-share-kit.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 697c41fffac431521f2db48c7426ac23b972b6eb7b1242f0bb47d6079884d3a4

Request headers

Referer: https://www.threatminer.org/dist/css/social-share-kit.css
Origin: https://www.threatminer.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 16 Dec 2016 10:13:34 GMT
server: cloudflare
etag: W/"1b08-543c3d291af80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xVrFcPSos9iPYehR7VxIsMXMC36A4UvvhHSkH4LZjlPPCysKcRBKgFyz0hl2gL7taerKzTDEsc2L1KiLGMXpyKMb%2FbcuLPzTa%2FBwKLnvJvBjO1mmz%2BgFDVAYm3wuuuovSztuWDs7lFHXKoDPsbolat8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
cache-control: max-age=86400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6be22702589b0f86-MXP

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
210 B 22ms
21ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=1410843209&t=pageview&_s=1&dl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&ul=en-us&de=UTF-8&dt=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=2113038219&gjid=716588294&cid=312059641.1639597318&tid=UA-73787980-1&_gid=1650966313.1639597318&_r=1&_slc=1&z=186341769

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.threatminer.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.threatminer.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ 276 KB
99 KB 49ms
35ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5720763271532377&plah=www.threatminer.org

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101734
x-xss-protection: 0
server: cafe
etag: 4507154694380913909
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 15 Dec 2021 19:41:57 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/ Frame 20CF 11 KB
5 KB 30ms
7ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211207/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 15 Dec 2021 18:37:20 GMT
expires: Wed, 29 Dec 2021 18:37:20 GMT
content-type: text/html; charset=UTF-8
etag: 17731914101004188133
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4884
x-xss-protection: 0
age: 3877
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 getReport.php Show response
www.threatminer.org/ 0
311 B 59ms
59ms XHR
text/html 2606:4700:20::681a:eeb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.threatminer.org/getReport.php?e=notes_container&t=2&q=f326e2b2eb1f84179c8d81fb31d22ea7
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/dist/js/tm_utility.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pAln%2BUM%2F7Ky5HNgS2sCb6tP01ULDTAWonR72VNe2kTAwvO4%2FsEqwH%2FHGMJ4eM7h4fy8CtjeAAf1eg0rrLd47VywzG9LbTHvhWkYmYrhcNfDY%2BIDAT5IGwmVLW0SxaC9hhYNLZaFT4Vt70YL3rWAZPEI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 6be22703eba00f86-MXP

GET
H2 200 ice.js Show response
resources.infolinks.com/js/1769.027-3.025/ 207 KB
67 KB 41ms
41ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d44ceec8bba88323fa0fdc3d0a6793b6f1e0c31d465be241d2142abd9ae36e50

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6be22703fb6354e1-MAN
date: Wed, 15 Dec 2021 19:41:57 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Sat, 11 Dec 2021 06:26:43 GMT
server: cloudflare
age: 2442
etag: W/"33cca-5d2d8ec5512a4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
content-encoding: gzip
expires: Fri, 14 Jan 2022 19:01:15 GMT

GET
H2 200 cse.js Show response
cse.google.com/ 10 KB
4 KB 94ms
54ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=009665096751685288782:o6_z_tmwsge

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

8b2553416435397af6366dab4408c3ba8b4508d67cbde843237956ce553c707f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

bfcache-opt-in: unload
date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3491
x-xss-protection: 0
expires: Wed, 15 Dec 2021 19:41:57 GMT

GET
H/1.1 200
OK widget_iframe.21f942bb866c2823339b839747a0c50c.html Show response
platform.twitter.com/widgets/ Frame 9F7E 319 KB
103 KB 38ms
37ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.21f942bb866c2823339b839747a0c50c.html?origin=https%3A%2F%2Fwww.threatminer.org
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mil/6CF2) /
Resource Hash: c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 515735
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Wed, 15 Dec 2021 19:41:57 GMT
Etag: "8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified: Thu, 02 Dec 2021 21:34:18 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (mil/6CF2)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105433

GET
H2 200 lounge.7ab903feba7624935283ca4c7d8c7203.css
c.disquscdn.com/next/embed/styles/ 0
26 KB 84ms
13ms Other
text/css 2600:9000:2240:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Requested by

Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 23:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 677690
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26065
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 07 Dec 2021 22:32:35 GMT
server: nginx
etag: "61afe103-65d1"
content-type: text/css; charset=utf-8
via: 1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
expires: Wed, 07 Dec 2022 23:27:07 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA60-P1
timing-allow-origin: *
x-amz-cf-id: 2ojHgbBOS3iEEYE7fBnM0RPdjt7H--uzia4T9GjQpw6FGDbGphHU7w==
x-cache-hits: 0

GET
H2 200 common.bundle.2f2f40d40785c9541a90e9086c8770a3.js
c.disquscdn.com/next/embed/ 0
93 KB 87ms
16ms Other
application/javascript 2600:9000:2240:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js

Requested by

Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 25 Oct 2021 14:45:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4424187
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94779
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Fri, 22 Oct 2021 00:26:02 GMT
server: nginx
etag: "6172051a-1723b"
content-type: application/javascript; charset=utf-8
via: 1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
expires: Tue, 25 Oct 2022 14:45:30 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA60-P1
timing-allow-origin: *
x-amz-cf-id: VnnaVwPXzkdNUfi0lpGUIUlAK-FV6GkhqpOE-iI5MgUtC69Mrxqy_Q==
x-cache-hits: 0

GET
H2 200 lounge.bundle.920cdf639b386b42eddc25a8b2755561.js
c.disquscdn.com/next/embed/ 0
121 KB 96ms
25ms Other
application/javascript 2600:9000:2240:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.920cdf639b386b42eddc25a8b2755561.js

Requested by

Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 23:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 677690
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 122873
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 07 Dec 2021 22:32:35 GMT
server: nginx
etag: "61afe103-1dff9"
content-type: application/javascript; charset=utf-8
via: 1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
expires: Wed, 07 Dec 2022 23:27:07 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA60-P1
timing-allow-origin: *
x-amz-cf-id: JZMkrkIf2alHxUdeQWUv1Z4qOvOdpWuhm-qLqgPA7SmjKj4gSKOKRg==
x-cache-hits: 0

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
15 KB 40ms
10ms Other
application/javascript 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:41:57 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 22
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 14552
X-XSS-Protection: 1; mode=block

GET
H2 200 manage Show response
router.infolinks.com/usync/ Frame D2FE 9 KB
2 KB 266ms
258ms Document
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 152bfeba2aa31c3dc60e5434b7e842a11b7fdc5499551a813d1586a4f13f1229

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store
p3p: CP="NON DSP NID OUR COR"
via: 1.1 google
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6be22704bc4554e1-MAN
content-encoding: gzip

GET
H2 200 lcmanage Show response
router.infolinks.com/usync/ 0
67 B 195ms
190ms Script
text/plain 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/usync/lcmanage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control: no-store
cf-ray: 6be22704bc4754e1-MAN
content-length: 0

GET
H2 200 gsd Show response
router.infolinks.com/ 321 B
526 B 132ms
129ms Script
text/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/gsd?evt=afterGSD&pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&jsv=1769.027-3.025&_cb=16395973178590
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21f7d05d1d6625dccdc8b86346e612e8f93ef39bd0562b4f72bcea8349a282f6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:57 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: text/javascript;charset=UTF-8
content-encoding: gzip
cache-control: max-age=0
cf-ray: 6be22704bc4854e1-MAN
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 219 B
647 B 56ms
16ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.threatminer.org&callback=_gfp_s_&client=ca-pub-5720763271532377

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5720763271532377&plah=www.threatminer.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

9c01d2e694ddf5266ab0ab9935980eac79b704e85ac4eada81af92b7da92e705

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 203
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 69ms
18ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.threatminer.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 42ms
16ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.threatminer.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3DB5 102 KB
37 KB 489ms
474ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=250&slotname=4491384285&adk=1382012186&adf=1527761000&pi=t.ma~as.4491384285&w=299&fwrn=4&fwrnh=100&lmt=1639597317&rafmt=3&psa=0&format=299x250&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317596&bpp=4&bdt=234&idt=276&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=8719168437898&frm=20&pv=2&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=229&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=f1bbzY06vH&p=https%3A//www.threatminer.org&dtd=290

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

94876041a90553ced36086c2aef6cab321b6e11e7823d600d19826b43b85e9e9

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CL3Z1v3H5vQCFQnl7Qoddd4AlA&gqi=BUW6YZ-FOJWImwewj7Bw&layout=/sadbundle/%24csp%253Der3%24/12540294092154453593/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CL3Z1v3H5vQCFQnl7Qoddd4AlA&gqi=BUW6YZ-FOJWImwewj7Bw&layout=/sadbundle/%24csp%253Der3%24/12540294092154453593/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 15 Dec 2021 19:41:58 GMT
server: cafe
content-length: 37790
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 15 Dec 2021 19:41:58 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2FE9 72 KB
27 KB 1355ms
1355ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1639597317&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317600&bpp=1&bdt=239&idt=302&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=8719168437898&frm=20&pv=1&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=PjDwG60QCM&p=https%3A//www.threatminer.org&dtd=306

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c9a2391ae6ce4ce0aff0ee463999ede2990b2fac59d002fb8fef9cb5beada82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 15 Dec 2021 19:41:59 GMT
server: cafe
content-length: 27769
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 15 Dec 2021 19:41:59 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BB24 87 KB
30 KB 431ms
431ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1639597317&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317600&bpp=1&bdt=239&idt=311&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=8719168437898&frm=20&pv=1&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=mizkS2ptyV&p=https%3A//www.threatminer.org&dtd=315

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bcaef35a4b2497b99ab57024641c675fdceaa2b13d423a044c7171206d1a5725

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 15 Dec 2021 19:41:58 GMT
server: cafe
content-length: 30557
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 15 Dec 2021 19:41:58 GMT
cache-control: private

GET
H2 200 cse_element__en.js Show response
www.google.com/cse/static/element/54e62135847a1703/ 300 KB
300 KB 36ms
11ms Script
text/javascript 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/54e62135847a1703/cse_element__en.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009665096751685288782:o6_z_tmwsge

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0216265ffcc78522466531b2c333ad5725a51f151b18c5e2fb24d4e3e89ef23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 14:33:27 GMT
x-content-type-options: nosniff
age: 104910
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 306768
x-xss-protection: 0
last-modified: Fri, 12 Nov 2021 20:41:35 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 14 Dec 2022 14:33:27 GMT

GET
H2 200 default+en.css
www.google.com/cse/static/element/54e62135847a1703/ 41 KB
9 KB 32ms
8ms Stylesheet
text/css 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/54e62135847a1703/default+en.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009665096751685288782:o6_z_tmwsge

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b0789c3ab7df1f2580e95bb47eb5bb6dc19b4fc5a91b1f1ae1d9484dab534a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 14:33:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 104909
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9086
x-xss-protection: 0
last-modified: Fri, 12 Nov 2021 20:41:35 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 14 Dec 2022 14:33:28 GMT

GET
H2 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
1 KB 32ms
9ms Stylesheet
text/css 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009665096751685288782:o6_z_tmwsge

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 18:53:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2910
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 15 Dec 2021 19:43:27 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1E39 82 KB
29 KB 684ms
683ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=6125219520&adk=3585176026&adf=3636535385&pi=t.ma~as.6125219520&w=1200&fwrn=4&lmt=1639597317&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317601&bpp=1&bdt=239&idt=318&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200&correlator=8719168437898&frm=20&pv=1&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1139&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=7F0wDg2rEw&p=https%3A//www.threatminer.org&dtd=321

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c1ed78981cabba1b9ff75784aab3fd68ec96c05e33cdcffd00b72455e97d1159

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 15 Dec 2021 19:41:58 GMT
server: cafe
content-length: 29911
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 15 Dec 2021 19:41:58 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CCEE 82 KB
28 KB 543ms
542ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=8831273914&adk=3175788880&adf=3735847537&pi=t.ma~as.8831273914&w=1200&fwrn=4&lmt=1639597317&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317601&bpp=1&bdt=240&idt=325&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200&correlator=8719168437898&frm=20&pv=1&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2190&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=TcvVvCWhWj&p=https%3A//www.threatminer.org&dtd=327

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cc17132607c3219dcf8b3e53f1e184b67eea8a0227eeb9883ed97efd35c6b5b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 15 Dec 2021 19:41:58 GMT
server: cafe
content-length: 29050
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 15 Dec 2021 19:41:58 GMT
cache-control: private

GET
H/1.1 200
OK / Show response
disqus.com/embed/comments/ Frame C7C6 6 KB
4 KB 189ms
189ms Document
text/html 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=f326e2b2eb1f84179c8d81fb31d22ea7&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&t_d=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default

Requested by

Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cc387fc9c925ca2edcb9d674ad84b70dfcfc40661d264afeb13513d693dd3ceb

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/

Response headers

Connection: keep-alive
Content-Length: 2724
Server: nginx
Content-Type: text/html; charset=utf-8
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Last-Modified: Wed, 15 Dec 2021 19:41:58 GMT
ETag: W/"lounge:view:8927646557.f3733e0387768699a648adb2ea9c98d2.2"
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Referrer-Policy: no-referrer-when-downgrade
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Date: Wed, 15 Dec 2021 19:41:58 GMT
Age: 0
Vary: Accept-Encoding
Cross-Origin-Resource-Policy: cross-origin
Strict-Transport-Security: max-age=300; includeSubdomains

GET
H/1.1 200
OK / Show response
tempest.services.disqus.com/ads-iframe/taboola/ 28 KB
9 KB 168ms
137ms XHR
text/html 199.232.196.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://tempest.services.disqus.com/ads-iframe/taboola/?position=top&shortname=threatminer&experiment=network_default&variant=fallthrough&service=dynamic&anchorColor=%23337ab7&colorScheme=light&sourceUrl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&typeface=sans-serif&disqus_version=current
Requested by: Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.196.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 07697773cb80657614cc2f54daa9b5a6b222d95e912815db4c46b23375be6b9b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:41:58 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding,
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=300
X-Service: router
Connection: keep-alive
Content-Length: 9303
Cross-Origin-Resource-Policy: cross-origin

GET
H/1.1 200
OK / Show response
tempest.services.disqus.com/ads-iframe/taboola/ 28 KB
9 KB 147ms
123ms XHR
text/html 199.232.196.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://tempest.services.disqus.com/ads-iframe/taboola/?position=bottom&shortname=threatminer&experiment=network_default&variant=fallthrough&service=dynamic&anchorColor=%23337ab7&colorScheme=light&sourceUrl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&typeface=sans-serif&disqus_version=current
Requested by: Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.196.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 65d0e7ce2c3819ea241df43cc01d47010bcb09bf0466695b2d5ee6da75f91763

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:41:58 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding,
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=300
X-Service: router
Connection: keep-alive
Content-Length: 9304
Cross-Origin-Resource-Policy: cross-origin

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ 43 B
339 B 122ms
96ms Image
image/gif 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?imp=8skon082b8r7fp&experiment=network_default&variant=fallthrough&service=dynamic&area=top&product=embed&forum=threatminer&zone=thread&version=9068118211410bc5f67f5bb8d6806cba&page_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&page_referrer=&object_type=provider&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&section=default&verb=call&adjective=1&forum_id=5993718

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:41:58 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ 43 B
339 B 127ms
101ms Image
image/gif 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?imp=8skon082b8r7fp&experiment=network_default&variant=fallthrough&service=dynamic&area=bottom&product=embed&forum=threatminer&zone=thread&version=9068118211410bc5f67f5bb8d6806cba&page_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&page_referrer=&object_type=provider&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&section=default&verb=call&adjective=1&forum_id=5993718

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:41:58 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 9F7E 232 B
448 B 142ms
120ms Fetch
application/json 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=fe1ed0c89e8efb54d77a299fe7a22681d701be64

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.21f942bb866c2823339b839747a0c50c.html?origin=https%3A%2F%2Fwww.threatminer.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-response-time: 113
date: Wed, 15 Dec 2021 19:41:57 GMT
content-encoding: gzip
last-modified: Wed, 15 Dec 2021 19:41:58 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 36fdd692ab8006108ceb38748143bda8dddaa8f0bc320809db1d6005ca945494
content-length: 166

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 30ms
16ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.threatminer.org

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 15 Dec 2021 19:41:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 31ms
16ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.threatminer.org

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 15 Dec 2021 19:41:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
39ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&tn=DIV&id=privacy_notice&cls=alert%20alert-info%20alert-dismissable%20bottom_popup&ign=false&pw=1600&ph=1200&x=800&y=1130.4

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8F6B 300 KB
74 KB 686ms
685ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&adk=1812271804&adf=3025194257&lmt=1639597317&plat=1%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317749&bpp=1&bdt=387&idt=226&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De4c9cb27a2dbe5d5-2233352e07cd004b%3AT%3D1639597317%3ART%3D1639597317%3AS%3DALNI_MY8p5BVu3i4J8z4a6SLzdPQOlfcng&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200%2C1200x200&nras=1&correlator=8719168437898&frm=20&pv=1&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=8&uci=a!8&fsb=1&dtd=234

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe28445d244301d6be97b82803aa9d9d896aa6df75d542cc01e833b0a721ee84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 15 Dec 2021 19:41:58 GMT
server: cafe
content-length: 75855
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 15 Dec 2021 19:41:58 GMT
cache-control: private

GET
H3 200 async-ads.js Show response
cse.google.com/adsense/search/ 134 KB
49 KB 31ms
17ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/54e62135847a1703/cse_element__en.js?usqp=CAI%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a5c8d565ff2094a383ec715b87bc2a787d1913906358159751b7f232c9238c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
etag: "14482206957989104827"
vary: Accept-Encoding
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
accept-ranges: bytes
expires: Wed, 15 Dec 2021 19:41:58 GMT

GET
H3 200 clear.png
www.google.com/cse/static/css/v2/ 1018 B
1 KB 26ms
8ms Image
image/png 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/css/v2/clear.png

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/54e62135847a1703/default+en.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/cse/static/element/54e62135847a1703/default+en.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 17:04:14 GMT
x-content-type-options: nosniff
age: 95864
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1018
x-xss-protection: 0
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 14 Dec 2022 17:04:14 GMT

GET
H3 200 branding.png
www.google.com/cse/static/images/1x/en/ 1 KB
1 KB 19ms
9ms Image
image/png 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/images/1x/en/branding.png

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 04:12:47 GMT
x-content-type-options: nosniff
age: 487751
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1372
x-xss-protection: 0
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Sat, 10 Dec 2022 04:12:47 GMT

GET
H3 200 v1 Show response
cse.google.com/cse/element/ 463 B
330 B 249ms
249ms Script
application/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse/element/v1?rsz=5&num=5&hl=en&source=gcsc&gss=.com&cselibv=54e62135847a1703&cx=009665096751685288782:o6_z_tmwsge&q=f326e2b2eb1f84179c8d81fb31d22ea7&safe=off&cse_tok=AJvRUv2Hvt48rq9NWgRHd_5tXG5r:1639597317817&filter=0&sort=&exp=csqr,cc&callback=google.search.cse.api4286

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/54e62135847a1703/cse_element__en.js?usqp=CAI%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4e4062a806daf9883e01ed7c06b8a6b281ebf6cede0711be10360996d10c39c3

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/QualityProseCsqrElementHttp/cspreport, script-src 'report-sample' 'nonce-nr0VWv9DrS5bQ+SNSz4e0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/QualityProseCsqrElementHttp/cspreport;worker-src 'self', script-src 'nonce-nr0VWv9DrS5bQ+SNSz4e0w' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/QualityProseCsqrElementHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: require-trusted-types-for 'script';report-uri /_/QualityProseCsqrElementHttp/cspreport, script-src 'report-sample' 'nonce-nr0VWv9DrS5bQ+SNSz4e0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/QualityProseCsqrElementHttp/cspreport;worker-src 'self', script-src 'nonce-nr0VWv9DrS5bQ+SNSz4e0w' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/QualityProseCsqrElementHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 generate_204
www.googleapis.com/ 0
178 B 37ms
7ms Image
text/plain 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.googleapis.com/generate_204
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 204 generate_204
clients1.google.com/ 0
39 B 36ms
7ms Image
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clients1.google.com/generate_204
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

POST
H2 200 doq.htm Show response
rt3025.infolinks.com/action/ 1 KB
1 KB 242ms
196ms XHR
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rt3025.infolinks.com/action/doq.htm?pcode=utf-8&r=16395973180631
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b374ecea628d6b29dd3ef9369b146bd4e3de07e218310835f7afb9fd85df1572

Request headers

Referer: https://www.threatminer.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
p3p: CP="NON DSP NID OUR COR"
content-type: text/html;charset=UTF-8
x-application-context: application:prod
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-language: de-DE
access-control-allow-origin: https://www.threatminer.org
cache-control: no-cache,no-store
access-control-allow-credentials: true
cf-ray: 6be2270639923b07-CDG
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 ads Show response
cse.google.com/cse_v2/ Frame CE13 709 B
416 B 59ms
58ms Document
text/html 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse_v2/ads?adsafe=low&pcsa=true&cx=009665096751685288782%3Ao6_z_tmwsge&client=google-coop&q=f326e2b2eb1f84179c8d81fb31d22ea7&r=m&hl=en&type=0&oe=UTF-8&ie=UTF-8&fexp=20606%2C17300769%2C17300772%2C17300841%2C17300859%2C17300861&format=p4&ad=p4&nocache=3021639597318073&num=0&output=uds_ads_only&source=gcsc&v=3&bsl=10&pac=0&u_his=2&u_tz=0&dt=1639597318074&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=6989&frm=0&uio=-&qup=1&inames=master-1&jsv=14764&rurl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7%23gsc.tab%3D0%26gsc.q%3Df326e2b2eb1f84179c8d81fb31d22ea7%26gsc.page%3D1

Requested by

Host: cse.google.com
URL: https://cse.google.com/adsense/search/async-ads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

c006f68802d02eafe119beb4091fad20812eb254386c62059b74bc104a23e37b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=UTF-8
content-encoding: br
date: Wed, 15 Dec 2021 19:41:58 GMT
server: gws
content-length: 397
x-xss-protection: 0
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 15 Dec 2021 19:41:58 GMT

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/ Frame 0D52 242 KB
39 KB 54ms
18ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1bcefc6d6ee694c516246a71b2dc1ccb8e817a9a19e728473a8cc7b60afb89b4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: 0dhTyno4dD6anvKTdgGuJL9VNnQ4.UwY
content-encoding: gzip
etag: "ac1e2dc841e334571a9ddc3674bfd7b7"
age: 77
x-cache: HIT
content-length: 39541
x-amz-id-2: qiBtdV8QrwWi+WqWLXdThhPfqPBRWmqmCu3pLTwvA4+ImglkIJIdpbE6GqJKeXvjPH5DX+3I0tc=
x-served-by: cache-cdg20753-CDG
last-modified: Wed, 15 Dec 2021 10:15:38 GMT
server: AmazonS3
x-timer: S1639597318.140416,VS0,VE0
date: Wed, 15 Dec 2021 19:41:58 GMT
vary: Accept-Encoding
x-amz-request-id: WF4VN9F0W4SMDGKV
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 92
x-cache-hits: 4

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/ Frame 36D3 242 KB
39 KB 52ms
29ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1bcefc6d6ee694c516246a71b2dc1ccb8e817a9a19e728473a8cc7b60afb89b4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: 0dhTyno4dD6anvKTdgGuJL9VNnQ4.UwY
content-encoding: gzip
etag: "ac1e2dc841e334571a9ddc3674bfd7b7"
age: 77
x-cache: HIT
content-length: 39541
x-amz-id-2: qiBtdV8QrwWi+WqWLXdThhPfqPBRWmqmCu3pLTwvA4+ImglkIJIdpbE6GqJKeXvjPH5DX+3I0tc=
x-served-by: cache-cdg20753-CDG
last-modified: Wed, 15 Dec 2021 10:15:38 GMT
server: AmazonS3
x-timer: S1639597318.140595,VS0,VE0
date: Wed, 15 Dec 2021 19:41:58 GMT
vary: Accept-Encoding
x-amz-request-id: WF4VN9F0W4SMDGKV
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 92
x-cache-hits: 5

GET
H/1.1 200
OK moment~timeline.c7de492113f2eac2bb49ff9013aa2889.js Show response
platform.twitter.com/js/ 25 KB
8 KB 40ms
39ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/moment~timeline.c7de492113f2eac2bb49ff9013aa2889.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mil/6CEE) /
Resource Hash: de8383d06a56f08749ed99ad3d43911fe88072a79e9148e2d1dead390f64893f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:41:58 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Dec 2021 21:34:11 GMT
Server: ECS (mil/6CEE)
Age: 515735
Etag: "643f975645cfdfec2ae02aad7fbc9eea+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 8013

GET
H/1.1 200
OK timeline.55167c7072ca7f4363bf18820295ba93.js Show response
platform.twitter.com/js/ 20 KB
7 KB 82ms
41ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/timeline.55167c7072ca7f4363bf18820295ba93.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mil/6CE9) /
Resource Hash: 888bc5618973079f4a157c8c94b0afe382e7e957306429c5880e032c83fb8e0c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:41:58 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Dec 2021 21:34:11 GMT
Server: ECS (mil/6CE9)
Age: 515735
Etag: "9539ec9d4bc5c1e5b1953004a6456c51+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 6441

GET
H2 200 / Show response
de.tynt.com/deb/ Frame C037 75 B
289 B 343ms
111ms Document
text/html 67.202.105.33
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip33.67-202-105.static.steadfastdns.net
Software: /
Resource Hash: e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/

Response headers

cache-control: max-age=86400
expires: Thu, 16 Dec 2021 19:41:58 GMT
referrer-policy: unsafe-url
content-type: text/html
content-length: 75
date: Wed, 15 Dec 2021 19:41:58 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H/1.1

200
OK

usermatch Show response
ssum-sec.casalemedia.com/ Frame 9550
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1

2 KB
3 KB

41ms
41ms

Document
text/html

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 75cea92866f73ed3145621879aa0e0af7dd382c42628cafa3d7545db34c9c9c6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 39|230|241|45|4|238|73|31
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1683
Expires: Wed, 15 Dec 2021 19:41:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 15 Dec 2021 19:41:58 GMT
Connection: keep-alive

Redirect headers

Server: Apache
Content-Length: 311
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Wed, 15 Dec 2021 19:41:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 15 Dec 2021 19:41:58 GMT
Connection: keep-alive

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame E8E4 2 KB
814 B 40ms
9ms Document
text/html 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90

Requested by

Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
strict-transport-security: max-age=15552000

GET
H2

200

pbm-usync
router.infolinks.com/dyn/ Frame D2FE
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MzUwQjFBNDgtNDQxNC00Nzc0LThENTktQzhCMTUwQjE3OTQw&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MzUwQjFBNDgtNDQxNC00Nzc0LThENTktQzhCMTUwQjE3OTQw&gdpr=0&gdpr_consent=&google_tc=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?p=156872&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fpbm-usync%3Fuid%3D350B1A48-4414-4774-8D59-C8B150B17940
https://router.infolinks.com/dyn/pbm-usync?uid=350B1A48-4414-4774-8D59-C8B150B17940

0
167 B

131ms
131ms

Image
text/html

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/pbm-usync?uid=350B1A48-4414-4774-8D59-C8B150B17940
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, private
cf-ray: 6be22709cad654e1-MAN
content-length: 0
expires: Tue, 15 Dec 2020 19:41:58 GMT

Redirect headers

location: https://router.infolinks.com/dyn/pbm-usync?uid=350B1A48-4414-4774-8D59-C8B150B17940
date: Wed, 15 Dec 2021 19:41:57 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

apn-usync
router.infolinks.com/dyn/ Frame D2FE
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID
https://router.infolinks.com/dyn/apn-usync?user_id=2413019295569767372

35 B
187 B

141ms
140ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/apn-usync?user_id=2413019295569767372
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6be227070f8154e1-MAN
content-length: 35
expires: Tue, 15 Dec 2020 19:41:58 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 15 Dec 2021 19:41:58 GMT
X-Proxy-Origin: 185.232.23.181; 185.232.23.181; 726.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 86d3559d-225e-4664-82dc-dfb246e9ab42
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://router.infolinks.com/dyn/apn-usync?user_id=2413019295569767372
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cm
u.openx.net/w/1.0/ Frame D2FE 43 B
306 B 48ms
18ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.openx.net/w/1.0/cm?id=9b5994f2-035d-46de-8c12-bc0e9a4e66c2&r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fox-usync%3Fuid%3D
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:58 GMT
content-encoding: gzip
server: OXGW/16.221.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

VR-usync
router.infolinks.com/dyn/ Frame D2FE
Redirect Chain

https://ups.analytics.yahoo.com/ups/58422/occ
https://ups.analytics.yahoo.com/ups/58422/occ?verify=true
https://router.infolinks.com/dyn/VR-usync?uid=y-oGTjEylE2uGNgfncCN6HPnmoyat.0yaYWfFmqt0-~A

35 B
264 B

133ms
132ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/VR-usync?uid=y-oGTjEylE2uGNgfncCN6HPnmoyat.0yaYWfFmqt0-~A
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6be22706ef4254e1-MAN
content-length: 35
expires: Tue, 15 Dec 2020 19:41:58 GMT

Redirect headers

location: https://router.infolinks.com/dyn/VR-usync?uid=y-oGTjEylE2uGNgfncCN6HPnmoyat.0yaYWfFmqt0-~A
date: Wed, 15 Dec 2021 19:41:58 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

r1-usync
router.infolinks.com/dyn/ Frame D2FE
Redirect Chain

https://sync.1rx.io/usersync2/infolinks
https://router.infolinks.com/dyn/r1-usync?uid=OPTOUT

35 B
179 B

335ms
334ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/r1-usync?uid=OPTOUT
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6be22706ef4654e1-MAN
content-length: 35
expires: Tue, 15 Dec 2020 19:41:58 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:58 GMT
server: Tengine
etag: OPTOUT
content-type: text/html
location: https://router.infolinks.com/dyn/r1-usync?uid=OPTOUT
cache-control: no-store, no-cache, must-revalidate
expires: 0

GET
H2

200

zmn-usync
router.infolinks.com/dyn/ Frame D2FE
Redirect Chain

https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__
https://router.infolinks.com/dyn/zmn-usync?uid=

35 B
90 B

158ms
157ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/zmn-usync?uid=
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store
cf-ray: 6be227099aa554e1-MAN
content-length: 35

Redirect headers

Location: https://router.infolinks.com/dyn/zmn-usync?uid=
Pragma: no-cache
Date: Wed, 15 Dec 2021 19:41:58 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 70
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK us
sync.go.sonobi.com/ Frame D2FE 0
474 B 74ms
14ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsonobi-usync%3Fuid%3D%5BUID%5D

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Dec 2021 19:41:58 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

ca.png
s.cpx.to/ Frame D2FE
Redirect Chain

https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fwww.threatminer.org%252Fsample.php%253Fq%253Df326e2b2eb1f84179c8d81fb31d22ea7&pid=12306&adnxs_uid=$UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fwww.threatminer.org%25252Fsample.php%25253Fq%25253Df326e2b2eb1f84179c8d81fb31d22ea7%26pid%3...
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&pid=12306&adnxs_uid=2775319518693246399

95 B
945 B

128ms
31ms

Image
image/png

54.77.45.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&pid=12306&adnxs_uid=2775319518693246399

Requested by

Protocol

HTTP/1.1

Server

54.77.45.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-77-45-99.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache, no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Wed, 15 Dec 2021 19:41:58 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0, no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Wed, 15 Dec 2021 19:41:58 UTC

Redirect headers

Pragma: no-cache
Date: Wed, 15 Dec 2021 19:41:58 GMT
X-Proxy-Origin: 185.232.23.181; 185.232.23.181; 726.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: cfeb1e0f-23bb-434a-9e00-84d13bb135f5
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&pid=12306&adnxs_uid=2775319518693246399
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK sync
dsp.adkernel.com/ Frame D2FE 42 B
233 B 281ms
90ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp.adkernel.com/sync?exchange=202&r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fearn-usync%3Fuid%3D%7BUID%7D
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Dec 2021 19:41:58 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H2

200

outh-usync
router.infolinks.com/dyn/ Frame D2FE
Redirect Chain

https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true
https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP10c1a996-5ddf-11ec-b000-06281abbc740
https://router.infolinks.com/dyn/outh-usync?uid=y-ihqGBP1E2uHmmQf0bwyBBtb_jpsz8XQi~A~UP10c1a996-5ddf-11ec-b000-06281abbc740

35 B
234 B

130ms
127ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/outh-usync?uid=y-ihqGBP1E2uHmmQf0bwyBBtb_jpsz8XQi~A~UP10c1a996-5ddf-11ec-b000-06281abbc740
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6be227075fd754e1-MAN
content-length: 35
expires: Tue, 15 Dec 2020 19:41:58 GMT

Redirect headers

location: https://router.infolinks.com/dyn/outh-usync?uid=y-ihqGBP1E2uHmmQf0bwyBBtb_jpsz8XQi~A~UP10c1a996-5ddf-11ec-b000-06281abbc740
date: Wed, 15 Dec 2021 19:41:58 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200 usersync
match.bnmla.com/ Frame D2FE 0
112 B 343ms
111ms Image
text/plain 38.27.122.126
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.bnmla.com/usersync?sspid=1000361&redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fenbd-usync%3Fuid%3D%5BUUID%5D
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 38.27.122.126 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:41:58 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

sovrn-usync
router.infolinks.com/dyn/ Frame D2FE
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID
https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID&sovrn_retry=true
https://router.infolinks.com/dyn/sovrn-usync?uid=ecc012d606eaa40321784a67

35 B
193 B

132ms
132ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/sovrn-usync?uid=ecc012d606eaa40321784a67
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6be22708c9b054e1-MAN
content-length: 35
expires: Tue, 15 Dec 2020 19:41:58 GMT

Redirect headers

Date: Wed, 15 Dec 2021 19:41:58 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://router.infolinks.com/dyn/sovrn-usync?uid=ecc012d606eaa40321784a67
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H2

200

usersync
router.infolinks.com/dyn/ Frame D2FE
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolink...
https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolink...
https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3D350B1A48-4414-4774-8D59-C8B150B17940
https://router.infolinks.com/dyn/usersync?pmuservalue=350B1A48-4414-4774-8D59-C8B150B17940

0
237 B

146ms
146ms

Image
text/plain

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/usersync?pmuservalue=350B1A48-4414-4774-8D59-C8B150B17940
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
cache-control: no-store
cf-ray: 6be22708c9aa54e1-MAN
content-length: 0

Redirect headers

location: https://router.infolinks.com/dyn/usersync?pmuservalue=350B1A48-4414-4774-8D59-C8B150B17940
date: Wed, 15 Dec 2021 19:41:57 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

zeta-usync
router.infolinks.com/dyn/ Frame D2FE
Redirect Chain

https://p.rfihub.com/cm?pub=43153&in=1
https://router.infolinks.com/dyn/zeta-usync?uid=5107433822069554098

35 B
196 B

261ms
260ms

Image
image/gif

172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/zeta-usync?uid=5107433822069554098
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6be22708796254e1-MAN
content-length: 35
expires: Tue, 15 Dec 2020 19:41:58 GMT

Redirect headers

Location: https://router.infolinks.com/dyn/zeta-usync?uid=5107433822069554098
Date: Wed, 15 Dec 2021 19:41:58 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame D2FE 0
72 B 354ms
111ms Image
text/plain 67.202.105.22
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssc-cms.33across.com/ps/?ri=0010b00002CpYhEAAV&ru=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2F33a-usync%3Fuid%3D33XUSERID33X
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.22 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip22.67-202-105.static.steadfastdns.net
Software: 33XP002 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-33x-status: 2000208
date: Wed, 15 Dec 2021 19:41:57 GMT
server: 33XP002

GET
H2 200 iq-usync
router.infolinks.com/dyn/ Frame D2FE 0
35 B 126ms
126ms Image
text/plain 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/iq-usync
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://router.infolinks.com/usync/manage?pid=3241790&wsid=0&pdom=www.threatminer.org&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control: no-store
cf-ray: 6be22707e8a654e1-MAN
content-length: 0

GET
H2 200 lounge.load.9068118211410bc5f67f5bb8d6806cba.js Show response
c.disquscdn.com/next/embed/ Frame C7C6 958 B
1 KB 27ms
8ms Script
application/javascript 2600:9000:2240:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.load.9068118211410bc5f67f5bb8d6806cba.js

Requested by

Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=f326e2b2eb1f84179c8d81fb31d22ea7&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&t_d=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

0376879a45be95f1d718c2a90d0b35986973e87d6f4c790b4c7046343464b72a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=f326e2b2eb1f84179c8d81fb31d22ea7&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&t_d=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
Origin: https://disqus.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 23:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 677691
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 494
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 07 Dec 2021 22:32:35 GMT
server: nginx
etag: "61afe103-1ee"
content-type: application/javascript; charset=utf-8
via: 1.1 8c08c39035033b8c904aa0e3f734d6c7.cloudfront.net (CloudFront)
expires: Wed, 07 Dec 2022 23:27:07 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA60-P1
timing-allow-origin: *
x-amz-cf-id: QsNRyCCfCFfuDP6ec4SgttUpxQK8u0phkxV8G13oxFb3BHc44estvA==
x-cache-hits: 0

GET
H3 200 async-ads.js Show response
cse.google.com/adsense/search/ Frame CE13 134 KB
49 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js?pac=0

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse_v2/ads?adsafe=low&pcsa=true&cx=009665096751685288782%3Ao6_z_tmwsge&client=google-coop&q=f326e2b2eb1f84179c8d81fb31d22ea7&r=m&hl=en&type=0&oe=UTF-8&ie=UTF-8&fexp=20606%2C17300769%2C17300772%2C17300841%2C17300859%2C17300861&format=p4&ad=p4&nocache=3021639597318073&num=0&output=uds_ads_only&source=gcsc&v=3&bsl=10&pac=0&u_his=2&u_tz=0&dt=1639597318074&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=6989&frm=0&uio=-&qup=1&inames=master-1&jsv=14764&rurl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7%23gsc.tab%3D0%26gsc.q%3Df326e2b2eb1f84179c8d81fb31d22ea7%26gsc.page%3D1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e09d646e35ace5492044aa3206e8b5e19b1beaf4f1ffdacd617133a205776aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cse.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
etag: "11512091418515610374"
vary: Accept-Encoding
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
accept-ranges: bytes
expires: Wed, 15 Dec 2021 19:41:58 GMT

GET
H2 200 impl.20211215-1-RELEASE.js Show response
cdn.taboola.com/libtrc/ Frame 0D52 613 KB
127 KB 17ms
17ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20211215-1-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 692899320924303013f3d186ac0ca5e91e2c215a892c03bf2c80d7755af35244

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: WV1VixKzVPYgUuHSpyVPVbgwrfsmJK98
content-encoding: br
etag: "36440043f6773caf15e25de8af2dd409"
age: 5997
x-cache: HIT
content-length: 129202
x-amz-id-2: juGBS0flZ9oWwmZy7MB2KDnvBLjnqOLxoNMlQ1S73ENWImoDjZaAjKomoIAXdqJRnzwoIbHFfTs=
x-served-by: cache-cdg20753-CDG
last-modified: Wed, 15 Dec 2021 09:54:16 GMT
server: AmazonS3-br
x-timer: S1639597318.185047,VS0,VE0
date: Wed, 15 Dec 2021 19:41:58 GMT
vary: Accept-Encoding
x-amz-request-id: AS6DM2RNDPKF6B28
via: 1.1 varnish
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: application/javascript
abp: 50
x-cache-hits: 54323

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ Frame 0D52 1 KB
1 KB 27ms
8ms Script
application/javascript 13.32.121.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-72.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 04:47:04 GMT
content-encoding: gzip
etag: W/"1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 53695
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 00746b020527dcdbeca0dab6f6de299b.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: TKjePlcEuWMjTCP2tPex21ydD2-qlgtU4o7gBnMpph3M9wSJw4bHxw==

GET
H2 200 common.bundle.2f2f40d40785c9541a90e9086c8770a3.js Show response
c.disquscdn.com/next/embed/ Frame C7C6 282 KB
93 KB 8ms
7ms Script
application/javascript 2600:9000:2240:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.9068118211410bc5f67f5bb8d6806cba.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4d958aa0fe56b2c9ef407522721c72a3f0ac4f0ae063a2e2d05c134b7a79fa85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=f326e2b2eb1f84179c8d81fb31d22ea7&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&t_d=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 25 Oct 2021 14:45:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4424188
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94779
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Fri, 22 Oct 2021 00:26:02 GMT
server: nginx
etag: "6172051a-1723b"
content-type: application/javascript; charset=utf-8
via: 1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
expires: Tue, 25 Oct 2022 14:45:30 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA60-P1
timing-allow-origin: *
x-amz-cf-id: c91f11rIKsnoFToZqdo86d2npaasi2_i_N3v7NQklxBpCPGcEB8hcg==
x-cache-hits: 0

GET
H2 200 impl.20211215-1-RELEASE.js Show response
cdn.taboola.com/libtrc/ Frame 36D3 613 KB
126 KB 17ms
16ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20211215-1-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 692899320924303013f3d186ac0ca5e91e2c215a892c03bf2c80d7755af35244

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: WV1VixKzVPYgUuHSpyVPVbgwrfsmJK98
content-encoding: br
etag: "36440043f6773caf15e25de8af2dd409"
age: 5997
x-cache: HIT
content-length: 129202
x-amz-id-2: juGBS0flZ9oWwmZy7MB2KDnvBLjnqOLxoNMlQ1S73ENWImoDjZaAjKomoIAXdqJRnzwoIbHFfTs=
x-served-by: cache-cdg20753-CDG
last-modified: Wed, 15 Dec 2021 09:54:16 GMT
server: AmazonS3-br
x-timer: S1639597318.213264,VS0,VE0
date: Wed, 15 Dec 2021 19:41:58 GMT
vary: Accept-Encoding
x-amz-request-id: AS6DM2RNDPKF6B28
via: 1.1 varnish
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: application/javascript
abp: 50
x-cache-hits: 54324

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ Frame 36D3 1 KB
1 KB 16ms
16ms Script
application/javascript 13.32.121.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-72.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 04:47:04 GMT
content-encoding: gzip
etag: W/"1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 53695
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 00746b020527dcdbeca0dab6f6de299b.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: MBDMZm4h1hRNoAadGk6svwGdlZAvoVXkDzWbbAysoVntqHwknAGwSg==

GET
H2

204

b2
sb.scorecardresearch.com/ Frame 0D52
Redirect Chain

https://sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&ns__t=1639597318225&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&c9=
https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1639597318225&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&c9=

0
224 B

10ms
8ms

Image
text/plain

13.32.121.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1639597318225&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&c9=
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Server: 13.32.121.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-72.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 00746b020527dcdbeca0dab6f6de299b.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-amz-cf-id: boTgx0jHTxJZW4sffrxcAMCMdNzyey2V9hTt7XPw5LrzGysh81XTXg==
x-cache: Miss from cloudfront

Redirect headers

date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 00746b020527dcdbeca0dab6f6de299b.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1639597318225&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&c9=
content-length: 222
x-amz-cf-id: WGvMukdNrL0LRtIGdTaILucbwzmPcIX75X4JcfLvzmhcn12TwvWMtQ==

GET
H2 200 profile Show response
cdn.syndication.twimg.com/timeline/ 170 KB
15 KB 490ms
369ms Script
application/javascript 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/timeline/profile?callback=__twttr.callbacks.tl_i0_profile_ThreatMiner_old&dnt=true&domain=www.threatminer.org&lang=en&screen_name=ThreatMiner&suppress_response_codes=true&t=1821774&tz=GMT%2B0000&with_replies=false

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f /

Resource Hash

eaf9b8df2584f7aa7e0a88a41b9ece330450c71491d3f56b06a32110da0a9471

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: attachment; filename=jsonp.jsonp
access-control-allow-methods: GET
content-length: 15321
x-xss-protection: 0
access-contol-allow-origin: platform.twitter.com
x-response-time: 305
last-modified: Wed, 15 Dec 2021 19:41:58 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: application/javascript;charset=utf-8
cache-control: must-revalidate, max-age=300
x-connection-hash: 6267f139d67c0945aa8928269f3c07df48e2a73f27d13e9a7a60c49c25b40831
timing-allow-origin: *
x-transaction: 573cd4d4bf1e1c43
expires: Wed, 15 Dec 2021 19:46:58 GMT

GET
H2 200 json Show response
trc.taboola.com/disqus-widget-safetylevel20longtail09/trc/3/ Frame 0D52 14 KB
6 KB 1002ms
998ms XHR
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/disqus-widget-safetylevel20longtail09/trc/3/json?tim=19%3A41%3A58.273&lti=deflated&data=%7B%22id%22%3A639%2C%22ii%22%3A%22%2Fsample.php%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1639563311176%2C%22vi%22%3A1639597318272%2C%22cv%22%3A%2220211215-1-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22plf%22%3A%7B%22ack_exm%22%3Atrue%7D%2C%22bu%22%3A%22https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7%22%2C%22e%22%3A%22https%3A%2F%2Fwww.threatminer.org%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1208%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A17%2C%22dw%22%3A1208%2C%22dh%22%3A27%2C%22qs%22%3A%22%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22thumbnails-b%3Aabp%3D0%22%2C%22uip%22%3A%22%7B%5C%22domain%5C%22%3A%20%5C%22https%3A%2F%2Fwww.threatminer.org%5C%22%2C%20%5C%22experiment%5C%22%3A%20%5C%22network_default%5C%22%2C%20%5C%22position%5C%22%3A%20%5C%22bottom%5C%22%2C%20%5C%22shortname%5C%22%3A%20%5C%22threatminer%5C%22%2C%20%5C%22variant%5C%22%3A%20%5C%22fallthrough%5C%22%7D%22%2C%22orig_uip%22%3A%22%7B%5C%22domain%5C%22%3A%20%5C%22https%3A%2F%2Fwww.threatminer.org%5C%22%2C%20%5C%22experiment%5C%22%3A%20%5C%22network_default%5C%22%2C%20%5C%22position%5C%22%3A%20%5C%22bottom%5C%22%2C%20%5C%22shortname%5C%22%3A%20%5C%22threatminer%5C%22%2C%20%5C%22variant%5C%22%3A%20%5C%22fallthrough%5C%22%7D%22%2C%22cd%22%3A27%2C%22mw%22%3A0%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211215-1-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 647fed7e93f0cbf9b2195f2d248f6176cb56ee644c5860111f467139c4d970dd

Request headers

Referer: https://www.threatminer.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 983
date: Wed, 15 Dec 2021 19:41:59 GMT
content-encoding: gzip
server: nginx
x-timer: S1639597318.286280,VS0,VE983
x-served-by: cache-cdg20753-CDG
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.threatminer.org
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

GET
H2 204 b
sb.scorecardresearch.com/ Frame 36D3 0
337 B 11ms
11ms Image
text/plain 13.32.121.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&ns__t=1639597318279&ns_c=UTF-8&ns_if=1&cv=3.5&c8=&c7=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&c9=
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-72.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 00746b020527dcdbeca0dab6f6de299b.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-amz-cf-id: _vaKC1H7zNO30cZcH-eq2WuE13It_3SV6Em1PYhEXb07zRifT2j__g==
x-cache: Miss from cloudfront

GET
H2 200 lounge.7ab903feba7624935283ca4c7d8c7203.css
c.disquscdn.com/next/embed/styles/ Frame C7C6 165 KB
26 KB 7ms
7ms Stylesheet
text/css 2600:9000:2240:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9f05592df6a80686d7216adbbc60dd18c978741182ed9e09a863de7374931f0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=f326e2b2eb1f84179c8d81fb31d22ea7&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&t_d=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 23:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 677691
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26065
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 07 Dec 2021 22:32:35 GMT
server: nginx
etag: "61afe103-65d1"
content-type: text/css; charset=utf-8
via: 1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
expires: Wed, 07 Dec 2022 23:27:07 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA60-P1
timing-allow-origin: *
x-amz-cf-id: fAuStfIdQRsof4a34tcmGnkwhBMXX0UDHSt5-46rqiTl72PhwCzffg==
x-cache-hits: 0

GET
H2 200 json Show response
trc.taboola.com/disqus-widget-safetylevel20longtail09/trc/3/ Frame 36D3 17 KB
7 KB 525ms
525ms XHR
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/disqus-widget-safetylevel20longtail09/trc/3/json?tim=19%3A41%3A58.325&lti=deflated&data=%7B%22id%22%3A755%2C%22ii%22%3A%22%2Fsample.php%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1639563311176%2C%22vi%22%3A1639597318272%2C%22cv%22%3A%2220211215-1-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22plf%22%3A%7B%22ack_exm%22%3Atrue%7D%2C%22bu%22%3A%22https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7%22%2C%22e%22%3A%22https%3A%2F%2Fwww.threatminer.org%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1208%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A17%2C%22dw%22%3A1208%2C%22dh%22%3A27%2C%22qs%22%3A%22%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A7%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22%7B%5C%22domain%5C%22%3A%20%5C%22https%3A%2F%2Fwww.threatminer.org%5C%22%2C%20%5C%22experiment%5C%22%3A%20%5C%22network_default%5C%22%2C%20%5C%22position%5C%22%3A%20%5C%22top%5C%22%2C%20%5C%22shortname%5C%22%3A%20%5C%22threatminer%5C%22%2C%20%5C%22variant%5C%22%3A%20%5C%22fallthrough%5C%22%7D%22%2C%22orig_uip%22%3A%22%7B%5C%22domain%5C%22%3A%20%5C%22https%3A%2F%2Fwww.threatminer.org%5C%22%2C%20%5C%22experiment%5C%22%3A%20%5C%22network_default%5C%22%2C%20%5C%22position%5C%22%3A%20%5C%22top%5C%22%2C%20%5C%22shortname%5C%22%3A%20%5C%22threatminer%5C%22%2C%20%5C%22variant%5C%22%3A%20%5C%22fallthrough%5C%22%7D%22%2C%22cd%22%3A27%2C%22mw%22%3A0%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211215-1-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f35741e78ab87627f4b9699d33be57b5a3faa7cf63d1fb06b14b1de3994eabc3

Request headers

Referer: https://www.threatminer.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 508
date: Wed, 15 Dec 2021 19:41:58 GMT
content-encoding: gzip
server: nginx
x-timer: S1639597318.334262,VS0,VE508
x-served-by: cache-cdg20753-CDG
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.threatminer.org
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

GET
H2 200 in_search.js Show response
resources.infolinks.com/js/1769.027-3.025/ 123 KB
46 KB 48ms
48ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/1769.027-3.025/in_search.js
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0ed4b80efbb81a92a82a727735aa23cd0e64ba7f8fe99507b31154f3042b9ba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6be22707e89c54e1-MAN
date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Sat, 11 Dec 2021 06:26:43 GMT
server: cloudflare
age: 2430
etag: W/"1eb61-5d2d8ec552244"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
content-encoding: gzip
expires: Fri, 14 Jan 2022 19:01:28 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 374 KB
124 KB 56ms
17ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f725f6888d32252c9f3dc55750d168b0f4f00e0ea1f2e877ff46595662a56110

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126427
x-xss-protection: 0
expires: Wed, 15 Dec 2021 19:41:58 GMT

GET
H2 200 lounge.bundle.920cdf639b386b42eddc25a8b2755561.js Show response
c.disquscdn.com/next/embed/ Frame C7C6 475 KB
121 KB 8ms
8ms Script
application/javascript 2600:9000:2240:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.920cdf639b386b42eddc25a8b2755561.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

01b1844125589a15317239014be029ba024bc0d6e059222bc99bd913a82ecb88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=f326e2b2eb1f84179c8d81fb31d22ea7&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&t_d=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 23:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 677691
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 122873
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 07 Dec 2021 22:32:35 GMT
server: nginx
etag: "61afe103-1dff9"
content-type: application/javascript; charset=utf-8
via: 1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
expires: Wed, 07 Dec 2022 23:27:07 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA60-P1
timing-allow-origin: *
x-amz-cf-id: CvRc_dK3UMzxEZB8cSPNGGFn2F8OTNbKJPmHoKjPhqp-Xsi99-1I1g==
x-cache-hits: 0

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame C7C6 14 KB
15 KB 8ms
8ms Script
application/javascript 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ba5de2dd01708185a0cf0204bee10541293279f7ed8589422e930caab1c18d5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=f326e2b2eb1f84179c8d81fb31d22ea7&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&t_d=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:41:58 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 23
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 14552
X-XSS-Protection: 1; mode=block

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 9550 70 B
265 B 102ms
34ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:58 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 9550
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YbpFBnjRA1f5aOYiU_nSZQAABH0AAAAB&gdpr_consent=&us_privacy=&gdpr=1
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEDqCsp4CoCzYExRHEqdCYD8&google_cver=1

43 B
315 B

129ms
129ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEDqCsp4CoCzYExRHEqdCYD8&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Dec 2021 19:41:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Wed, 15 Dec 2021 19:41:58 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEDqCsp4CoCzYExRHEqdCYD8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 343
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 9550
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbpFBnjRA1f5aOYiU_nSZQAABH0AAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbpFBnjRA1f5aOYiU_nSZQAABH0AAAAB&dcc=t

43 B
645 B

102ms
102ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbpFBnjRA1f5aOYiU_nSZQAABH0AAAAB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Dec 2021 19:41:59 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: BF7PXC3QE7KMXEDMBBZP
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 15 Dec 2021 19:41:58 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: SKVRG3QHP8Z8R6ES901E
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YbpFBnjRA1f5aOYiU_nSZQAABH0AAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 9550
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YbpFBnjRA1f5aOYiU-nSZQAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEESecXhdeVmr1yXKtY3fzG8&google_cver=1&gdpr=1

43 B
1019 B

35ms
35ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEESecXhdeVmr1yXKtY3fzG8&google_cver=1&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Dec 2021 19:41:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 15 Dec 2021 19:41:58 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEESecXhdeVmr1yXKtY3fzG8&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9550
Redirect Chain

https://ad.turn.com/r/cs?pid=21&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3623615811744744614

43 B
992 B

35ms
35ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3623615811744744614
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Dec 2021 19:41:58 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 15 Dec 2021 19:41:58 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3623615811744744614
pragma: no-cache
date: Wed, 15 Dec 2021 19:41:57 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 400 461886.gif
idsync.rlcdn.com/ Frame 9550 0
0 49ms
16ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/461886.gif?partner_uid=YbpFBnjRA1f5aOYiU-nSZQAA%261149&&gdpr_consent=&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 200 YbpFBnjRA1f5aOYiU_nSZQAABH0AAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 9550 43 B
874 B 116ms
36ms Image
image/gif 2a05:d018:d29:3601:58ff:414:f08:16d6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/YbpFBnjRA1f5aOYiU_nSZQAABH0AAAAB?gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3601:58ff:414:f08:16d6 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H/1.1

200
OK

noop
px.owneriq.net/ Frame 9550
Redirect Chain

https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID)
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ6928837181518736253&uid=Q6928837181518736253&ref=%2Feucm%2Fp%2Fcc
https://px.owneriq.net/noop?ct=image%2Fgif

0
287 B

18ms
18ms

Image
image/gif

104.111.242.53
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.owneriq.net/noop?ct=image%2Fgif
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Server: 104.111.242.53 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-53.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:41:58 GMT
Server: Apache/2.2.15 (CentOS)
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Powered-By: PHP/5.3.3
Content-Length: 0
Content-Type: image/gif

Redirect headers

Location: https://px.owneriq.net/noop?ct=image%2Fgif
Date: Wed, 15 Dec 2021 19:41:58 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H2 200 ix-usync
router.infolinks.com/dyn/ Frame 9550 35 B
197 B 134ms
132ms Image
image/gif 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/ix-usync?uid=YbpFBnjRA1f5aOYiU-nSZQAA%261149
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6be22708290d54e1-MAN
content-length: 35
expires: Tue, 15 Dec 2020 19:41:58 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame BB24 4 KB
1 KB 44ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1639597317&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317600&bpp=1&bdt=239&idt=311&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=8719168437898&frm=20&pv=1&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=mizkS2ptyV&p=https%3A//www.threatminer.org&dtd=315

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 15 Dec 2021 18:20:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 15 Dec 2021 19:41:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 15 Dec 2021 19:41:58 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame BB24 1 KB
959 B 64ms
19ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:40:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:40:56 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame BB24 19 KB
8 KB 50ms
12ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:40:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:40:30 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame BB24 2 KB
1 KB 58ms
20ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:34:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 457
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:34:21 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BB24 119 KB
37 KB 71ms
47ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 15 Dec 2021 19:41:58 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame BB24 15 KB
6 KB 54ms
16ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:35:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 416
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:35:02 GMT

GET
H2 200 6d065ef8aad4e53a06604e1059b7b7b3.js Show response
www.gstatic.com/mysidia/ Frame BB24 27 KB
12 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 19:06:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88517
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11408
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 07:52:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 19:06:41 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 3DB5 19 KB
8 KB 46ms
17ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=250&slotname=4491384285&adk=1382012186&adf=1527761000&pi=t.ma~as.4491384285&w=299&fwrn=4&fwrnh=100&lmt=1639597317&rafmt=3&psa=0&format=299x250&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317596&bpp=4&bdt=234&idt=276&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=8719168437898&frm=20&pv=2&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=229&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=f1bbzY06vH&p=https%3A//www.threatminer.org&dtd=290

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:40:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:40:30 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 3DB5 2 KB
1 KB 49ms
20ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:34:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 457
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:34:21 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3DB5 119 KB
37 KB 95ms
81ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 15 Dec 2021 19:41:58 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 3DB5 15 KB
6 KB 47ms
18ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:35:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 416
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:35:02 GMT

GET
H2 200 /
track.seadform.net/adfserve/ Frame BB24 35 B
0 81ms
26ms Fetch
image/gif 37.157.5.142
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.seadform.net/adfserve/?bn=47146211;1x1inv=1;srctype=3;ord=1880421449

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.142 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:58 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
expires: -1

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame BB24 0
0 53ms
49ms Fetch
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C4tHABUW6YfbeOc6ytwfEzIPYD42nypJn1Lr13L8PwI23ARABINWzrm1gleKQgqAHoAHI5NeKA8gBBqkC9m_qk2bqsj6oAwHIA8sEqgTfAU_Q2BqGbQI9oRnchqvLmDJVHWvYm1ZKxfBNzB7OTa3OlfHvvAVCkAxTYGAXm8dcwSN-3kESFk2CQy8XGjOKkXqPThRA7k88QqPLP9f0ZknmcJIp5UpIo6_jbXiiptCyOxkvycODhOc89m7YEXBvpXvi4KPCidxRASlUCTEpUlOTGz3bh8TlqgHEYh9n36cXMak0dCYKpduOndgb35NgTkNBuuJcuknS5X4x6OVhRoQRIOMyvNuHLHvkDUEwr8FUlDfT7QGE6j5KYbHxrZcEDMNmpD5zdNsvqp5o7JGJ82PABJq0gq7xA5IFBAgEGAGSBQQIBRgEoAY3gAegm6h1qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQxNMI0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBmBYBgBcBshccChoIABIUcHViLTU3MjA3NjMyNzE1MzIzNzcYAA&sigh=u5KTGrGOtqk&uach_m=[UACH]&template_id=492

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=1381165906&adk=2644663765&adf=151644923&pi=t.ma~as.1381165906&w=1182&fwrn=4&lmt=1639597317&rafmt=11&psa=0&format=1182x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317600&bpp=1&bdt=239&idt=311&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600&correlator=8719168437898&frm=20&pv=1&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=359&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=mizkS2ptyV&p=https%3A//www.threatminer.org&dtd=315
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 15 Dec 2021 19:41:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/ Frame 681B 3 KB
3 KB 26ms
22ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/index.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78bd525dc317d47424279fbc7165201537c4bfe4c94c7f7c209a0685b6af281f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
content-length: 1306
date: Wed, 15 Dec 2021 03:17:50 GMT
expires: Thu, 15 Dec 2022 03:17:50 GMT
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
age: 59048
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3DB5 0
0 58ms
57ms Fetch
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CV4m-BUW6Yf3COInKtwf1vIOgCfTN-4ZmrPCJqI8Nqb_ChIobEAEg1bOubWCV4pCCoAegAfTazJkDyAEJqQL2b-qTZuqyPqgDAcgDSKoE5wFP0EqkPO6RLXgJrFadcYysP1SCV--Zkd2Sj2Ytufv7Dvt8M89Yi6elabGYZvF0w2L0qjn9bOnjxLXAFLnjMhZA6YAA6Vz-WF5oiELjhqTppg-xa8cYxOPyZuUuIuRIjvJIsWqbmT1-MdA9iMHYu7ct6TfFiSXqg5nb3FyQhnU06hfQwINOjtH7-fsRcMXLtmdWfLqji54SUGRKTua2u6jHuD7blz_jlIKLZ-pStGHWm_G4A3nxkkyVp8GivWZm3Jsw6unvebX1NBD2qrxy59jZnM4EgL-N3KI5nozTcPBeWXUe59eHJjjABP3-v4iJA5IFBAgEGAGSBQQIBRgEoAYugAf0pLNmqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQsfwL0ggJCIDhgBAQARgfgAoByAsB2BMM0BUBmBYBgBcBshccChoIABIUcHViLTU3MjA3NjMyNzE1MzIzNzcYAA&sigh=ru-VzVbGYlk&uach_m=[UACH]&template_id=419

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=250&slotname=4491384285&adk=1382012186&adf=1527761000&pi=t.ma~as.4491384285&w=299&fwrn=4&fwrnh=100&lmt=1639597317&rafmt=3&psa=0&format=299x250&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317596&bpp=4&bdt=234&idt=276&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=8719168437898&frm=20&pv=2&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=229&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=f1bbzY06vH&p=https%3A//www.threatminer.org&dtd=290
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 15 Dec 2021 19:41:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 getads.htm Show response
rt3025.infolinks.com/action/ 7 KB
5 KB 524ms
524ms Script
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rt3025.infolinks.com/action/getads.htm?hks=%5B%7B%22lid%22%3A%22d_IL_INSEARCH%22%2C%22bdc%22%3A1%2C%22prod_t%22%3A%22d%22%2C%22garc%22%3A0%2C%22sdata%22%3A%22net%22%2C%22scs%22%3A%22lqmGBxHvwH%22%7D%5D&rid=4805290f-2269-4720-b333-89ec78b6b13f&jsv=1769.027-3.025&sr=1600X1200&rts=1639597318465&cfv=-1&cb=getAdsResponse&os=Windows&ov=10&br=Chrome&bv=96.0.4664.93&dv=p&ce=t&purl=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&tzo=-0000&c=c&strg=true&rsd=XHhha1PQomVG8Q7PLfNlrIrRPlbWXf_DrdK7MtNS91STfXUZIxsh8r-hS6UyPULhDojTt8B4ZwWpRK3PekCBlQZcDEwbdAj_d_LnZ8anFN8oQDA6pOYddEezQzPAiA0YFxNa8wxQEssB7b0Knd317aXGykPN_0C_&rsk=40&rcs=SWNx7Ohs4tU8NOMr-mVPYg&hbnr=false
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf8848ca9bb905744e9e472f9cce6f6a63a4453c80ce08440b9b91f27c55a684

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:58 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
p3p: CP="NON DSP NID OUR COR"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-language: de-DE
content-type: text/html;charset=UTF-8
cache-control: no-cache,no-store
cf-ray: 6be22708796354e1-MAN
x-application-context: application:prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame C7C6 3 KB
3 KB 115ms
115ms XHR
application/json 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=threatminer&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.2f2f40d40785c9541a90e9086c8770a3.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2189f9b418cf08f45330688d733153676a039a30f6f9f287f018a99b0b2fb0a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=f326e2b2eb1f84179c8d81fb31d22ea7&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&t_d=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:41:58 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 3078
X-XSS-Protection: 1; mode=block

GET
H2 200 vidice.js Show response
resources.infolinks.com/js/vidice/1.0/ 620 KB
168 KB 40ms
39ms Script
application/javascript 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/vidice/1.0/vidice.js
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 610a427b4b6da16af92fa70bc4ebc4bc85ab2fbfc59bfea7d01a58e78412c88a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

cf-ray: 6be2270909f154e1-MAN
date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Wed, 10 Jul 2019 15:15:02 GMT
server: cloudflare
age: 2710
etag: W/"9b0d4-58d552435a78c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
content-encoding: gzip
expires: Fri, 14 Jan 2022 18:56:48 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame AB08 143 B
163 B 7ms
6ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=250&slotname=4491384285&adk=1382012186&adf=1527761000&pi=t.ma~as.4491384285&w=299&fwrn=4&fwrnh=100&lmt=1639597317&rafmt=3&psa=0&format=299x250&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317596&bpp=4&bdt=234&idt=276&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&correlator=8719168437898&frm=20&pv=2&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=229&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=f1bbzY06vH&p=https%3A//www.threatminer.org&dtd=290

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 15 Dec 2021 19:02:20 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2378
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame BB24 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5d00b737b3ef9c46f56f4a68ec22d07f7abce4ac9a745d488288f259707a7763

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame CCEE 3 KB
622 B 32ms
17ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans%3A400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=8831273914&adk=3175788880&adf=3735847537&pi=t.ma~as.8831273914&w=1200&fwrn=4&lmt=1639597317&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317601&bpp=1&bdt=240&idt=325&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200&correlator=8719168437898&frm=20&pv=1&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2190&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=TcvVvCWhWj&p=https%3A//www.threatminer.org&dtd=327

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c99361c0d8561c7d88a237009bac83ecc149fe6f1f91c52dde79b7841b584c40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 15 Dec 2021 18:29:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 15 Dec 2021 19:41:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 15 Dec 2021 19:41:58 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame CCEE 1 KB
880 B 26ms
10ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:40:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:40:56 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 681B 9 KB
3 KB 21ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 16:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12804
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 16 Dec 2021 16:08:34 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 681B 26 KB
10 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 16:13:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12499
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 16 Dec 2021 16:13:39 GMT

GET
H2 200 createjs_2015.11.26_54e1c3722102182bb133912ad4442e19_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 681B 186 KB
49 KB 69ms
14ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2015.11.26_54e1c3722102182bb133912ad4442e19_min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49100
x-xss-protection: 0
last-modified: Wed, 16 Mar 2016 13:51:35 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 15 Dec 2021 19:41:58 GMT

GET
H3 200 300x250.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/ Frame 681B 64 KB
10 KB 22ms
9ms Script
application/x-javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/300x250.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a22c79a87c6c6b7aea7abef028487a161f1a9fae0a624bc946019100c3d151cc

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 30921
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9739
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Wed, 15 Dec 2021 11:06:37 GMT
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 15 Dec 2022 11:06:37 GMT

GET
DATA 200
OK truncated
/ Frame 3DB5 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 334bd658746df17eac7c2502d809b71128f584df89c15cd3b6e8cf8048b6445e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame BB24 15 KB
16 KB 32ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:39:48 GMT
x-content-type-options: nosniff
age: 453730
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 10 Dec 2022 13:39:48 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame BB24 16 KB
16 KB 33ms
12ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 14:02:00 GMT
x-content-type-options: nosniff
age: 106798
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 14 Dec 2022 14:02:00 GMT

GET
H2 200 noavatar92.png
a.disquscdn.com/1638827995/images/ Frame C7C6 2 KB
2 KB 40ms
7ms Image
image/png 199.232.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1638827995/images/noavatar92.png

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.194.49 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=f326e2b2eb1f84179c8d81fb31d22ea7&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&t_d=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 680876
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA50-C1
content-length: 1644
x-amz-cf-id: nV96ofIijb2pd0J7e4OQeo5uUhUj3seFKOcAIYB-3cvkwe0eUw8OtQ==
expires: Thu, 06 Jan 2022 22:34:02 GMT

GET
DATA 200
OK truncated
/ Frame C7C6 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame CCEE 19 KB
8 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:40:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:40:30 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame CCEE 2 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:31:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 626
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:31:32 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CCEE 119 KB
36 KB 71ms
54ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 15 Dec 2021 19:41:58 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame CCEE 15 KB
6 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:39:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 134
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:39:44 GMT

GET
H3 200 6d065ef8aad4e53a06604e1059b7b7b3.js Show response
www.gstatic.com/mysidia/ Frame CCEE 27 KB
11 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 19:06:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88517
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11408
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 07:52:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 19:06:41 GMT

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame C7C6 13 KB
13 KB 7ms
7ms Image
image/svg+xml 2600:9000:2240:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 28 Apr 2021 14:37:41 GMT
via: 1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 19976657
x-cache: Hit from cloudfront
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 27 Apr 2021 21:01:56 GMT
server: nginx
etag: "60887bc4-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
expires: Thu, 28 Apr 2022 14:37:41 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: GQ96FU2yOQTvXqj63pThiSYSFrd7hdEOElcwGxKvm4svwrFOsXJhPg==
x-cache-hits: 0

GET
H2 200 loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame C7C6 3 KB
3 KB 7ms
7ms Image
image/gif 2600:9000:2240:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 03 Feb 2021 04:58:07 GMT
via: 1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 27269031
x-cache: Hit from cloudfront
content-length: 2971
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 27 Jan 2021 17:23:07 GMT
server: nginx
etag: "6011a17b-b9b"
content-type: image/gif
access-control-allow-origin: *
expires: Thu, 03 Feb 2022 04:58:07 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: Jo8nPX2Gsz6xJDgBOEbU5gduefkR3AzHLakiljy8ZUrk79uv9z7aJA==
x-cache-hits: 0

GET
H2 200 sprite.ad630a07080a45451f139a7487853ff8.png
c.disquscdn.com/next/embed/assets/img/ Frame C7C6 2 KB
2 KB 7ms
7ms Image
image/png 2600:9000:2240:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 19:47:48 GMT
via: 1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 7257250
x-cache: Hit from cloudfront
content-length: 1763
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 22 Sep 2021 19:30:27 GMT
server: nginx
etag: "614b8453-6e3"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 22 Sep 2022 19:47:48 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: Gl0morsxYdSPudsMlglBO-6sRwLRxHr4aagiPLGAAO2I4GpUUZxlJQ==
x-cache-hits: 0

GET
H2 200 icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame C7C6 8 KB
8 KB 8ms
8ms Font
application/octet-stream 2600:9000:2240:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
Origin: https://disqus.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 09:58:18 GMT
via: 1.1 8c08c39035033b8c904aa0e3f734d6c7.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 9107020
x-cache: Hit from cloudfront
content-length: 7900
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Tue, 24 Aug 2021 21:06:44 GMT
server: nginx
etag: "61255f64-1edc"
content-type: application/octet-stream
access-control-allow-origin: *
expires: Thu, 01 Sep 2022 09:58:18 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: nnPtwiUi4goYy9YxQ2tukMSGdGbSIGXnL7mel8gQbJPv66PrUPVARg==
x-cache-hits: 0

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/16712137192714467582/ Frame CCEE 18 KB
18 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16712137192714467582/downsize_200k_v1?w=400&h=209

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d656833adb546296b5298bb691a03aeb1935e8faa68ae6fddd5033ac58a5d2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 11:00:38 GMT
x-content-type-options: nosniff
age: 31280
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18231
x-xss-protection: 0
last-modified: Tue, 10 Mar 2020 14:56:45 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 15 Dec 2022 11:00:38 GMT

GET
H2 200 alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js Show response
c.disquscdn.com/next/embed/ 78 KB
27 KB 8ms
7ms Script
application/javascript 2600:9000:2240:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js

Requested by

Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9efb3d5e1b082a66bd94908b42afb4cf6fe0e8eb8f50b8d2a18f6a5da03e6a18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 05 May 2021 15:25:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19368988
x-cache: Hit from cloudfront
content-length: 26578
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Wed, 28 Apr 2021 21:48:08 GMT
server: nginx
etag: "6089d818-67d2"
content-type: application/javascript; charset=utf-8
via: 1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
expires: Thu, 05 May 2022 15:25:30 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA60-P1
timing-allow-origin: *
x-amz-cf-id: 4T9Gbj3N4hcOb8wEWQb2110xBHnO7Cv0IVtTdfwv_l1jdi8CpydQIw==
x-cache-hits: 0

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/1731282270616713901/ Frame BB24 18 KB
18 KB 10ms
10ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1731282270616713901/downsize_200k_v1?w=400&h=209

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b16ea4304c2004d6ed4c550a69479c104682e56fe8e98368456e251ea06e944e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 15:45:57 GMT
x-content-type-options: nosniff
age: 14161
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18512
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 12:25:51 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 15 Dec 2022 15:45:57 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame CCEE 0
0 49ms
48ms Fetch
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CuZDrBkW6YeqBBYKwgAPmsJroDvTN-4ZmiYfv46sMqb_ChIobEAEg1bOubWCV4pCCoAegAfTazJkDyAEGqQKUit6m2-OyPqgDAcgDywSqBOoBT9CvC9QYS8iY14dDSL00c6Qv8GjN7gcLKgQIi77i57Vpcbj1KStQnkAY0CHPiOVyq6iP9K-OAlme7hNqbpCb3o1jlqQ1UZq1sUOp0e_CxaflrZwG-IPKvXZhgTN97ZqUFwB6tI_-30S47ZCvixPvf0ULbhWxCbq1tQVrjFv_hNzB4W_q17PzklT4Jo0xW3l-R5a9pG_JNEb1apSSupLjPh29pZIXNTG3L9NrgjmeZ7h9ehBl08U55pBCYc35s0qsAHWn1SL1NJC9xgJpk8ELmjqWc3B-9sB-5UQ-d69tA-ptu8cOUy_lAixcwAT9_r-IiQOSBQQIBBgBkgUECAUYBKAGN4AH9KSzZqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEI_cAdIICQiA4YAQEAEYH4AKAcgLAdgTDIgUA9AVAZgWAYAXAbIXHAoaCAASFHB1Yi01NzIwNzYzMjcxNTMyMzc3GAA&sigh=w_H3qhY6C4s&uach_m=[UACH]&template_id=492

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=8831273914&adk=3175788880&adf=3735847537&pi=t.ma~as.8831273914&w=1200&fwrn=4&lmt=1639597317&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317601&bpp=1&bdt=240&idt=325&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200%2C1200x200&correlator=8719168437898&frm=20&pv=1&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=2190&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=TcvVvCWhWj&p=https%3A//www.threatminer.org&dtd=327
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 15 Dec 2021 19:41:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js Show response
pagead2.googlesyndication.com/bg/ Frame 7F30 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 13:27:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 108886
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13577
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 14 Dec 2022 13:27:12 GMT

GET
H2 200 realtime.b23ff3c36dd0169627f8e54ca1621eca.css
c.disquscdn.com/next/embed/styles/ Frame 1BE1 337 B
838 B 7ms
7ms Stylesheet
text/css 2600:9000:2240:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css

Requested by

Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 02 Nov 2021 19:05:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3717409
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 244
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 02 Nov 2021 18:16:01 GMT
server: nginx
etag: "61818061-f4"
content-type: text/css; charset=utf-8
via: 1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
expires: Wed, 02 Nov 2022 19:05:09 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA60-P1
timing-allow-origin: *
x-amz-cf-id: EoicPK6ox4owb5C3p1UKvEFGPnjhgdcumqL1ar4PsFImcKVEUGgHVw==
x-cache-hits: 0

GET
H2 200 realtime.b23ff3c36dd0169627f8e54ca1621eca.css
c.disquscdn.com/next/embed/styles/ Frame 7ABF 337 B
839 B 10ms
10ms Stylesheet
text/css 2600:9000:2240:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css

Requested by

Host: threatminer.disqus.com
URL: https://threatminer.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 02 Nov 2021 19:05:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3717409
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 244
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 02 Nov 2021 18:16:01 GMT
server: nginx
etag: "61818061-f4"
content-type: text/css; charset=utf-8
via: 1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
expires: Wed, 02 Nov 2022 19:05:09 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA60-P1
timing-allow-origin: *
x-amz-cf-id: rPncJvpPnulp5OXU6K_MxC3NJTf6-eE1fZrgk6V_UrcK2NlC5cob-w==
x-cache-hits: 0

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ Frame C7C6 43 B
339 B 103ms
103ms Image
image/gif 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&load_time=405&event=init_embed&thread=8927646557&forum=threatminer&forum_id=5993718&imp=8skon082b8r7fp&thread_slug=f326e2b2eb1f84179c8d81fb31d22ea7_malware_analysis_results_threatminerorg&user_type=anon&referrer=https%3A%2F%2Fwww.threatminer.org%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default&variant=fallthrough&service=dynamic&promoted_enabled=true&max_enabled=true

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=threatminer&t_i=f326e2b2eb1f84179c8d81fb31d22ea7&t_u=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&t_d=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&t_t=f326e2b2eb1f84179c8d81fb31d22ea7%20Malware%20Analysis%20Results%20%7C%20ThreatMiner.org&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:41:58 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H3 200 4207835197350950006
tpc.googlesyndication.com/daca_images/simgad/ Frame 1E39 115 KB
115 KB 10ms
9ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/4207835197350950006

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=6125219520&adk=3585176026&adf=3636535385&pi=t.ma~as.6125219520&w=1200&fwrn=4&lmt=1639597317&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317601&bpp=1&bdt=239&idt=318&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200&correlator=8719168437898&frm=20&pv=1&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1139&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=7F0wDg2rEw&p=https%3A//www.threatminer.org&dtd=321

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e2dc39e86bae5866c25bab3d804efeab166246ffbe522f159dd6ad7507de9b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 18:39:12 GMT
x-content-type-options: nosniff
age: 3766
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118015
x-xss-protection: 0
last-modified: Mon, 15 Nov 2021 10:59:16 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 15 Dec 2022 18:39:12 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 1E39 19 KB
8 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:40:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:40:30 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 1E39 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:31:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 626
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:31:32 GMT

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame C7C6 13 KB
13 KB 7ms
7ms Image
image/svg+xml 2600:9000:2240:9000:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:9000:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.7ab903feba7624935283ca4c7d8c7203.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 28 Apr 2021 14:37:41 GMT
via: 1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 19976657
x-cache: Hit from cloudfront
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 27 Apr 2021 21:01:56 GMT
server: nginx
etag: "60887bc4-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
expires: Thu, 28 Apr 2022 14:37:41 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: XjDbY08v0mp09OYK7ChTktrmqP1RQnTCxchF05-HPB52qza_NDDiCA==
x-cache-hits: 0

GET
BLOB 200
OK c6dd862a-fd50-4463-9145-343ade5b65a9
https://www.threatminer.org/ 31 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.threatminer.org/c6dd862a-fd50-4463-9145-343ade5b65a9
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Length: 31
Content-Type: application/javascript

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 1E39 0
0 48ms
48ms Fetch
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CghjGBkW6YaD2BKacs8IPtK2R4ATIjeu2ZJu53pSWD5aCzYWIFhABINWzrm1gleKQgqAHoAGDsJ2fAsgBAqgDAcgDyQSqBOUBT9CD5TDWgPVqaeNQBcWASgcqkQC-qWE8Mo5itgnG5aZ_cqef5IsaE_SB6OHxe4G07M5n0Ame7cKotxfAucHjcezbbL_83iFWENObbB2XUNw6r5A2TuVPcfXD5n9X9ZeJM8Qq4G9454N7WaEEfLi2fvdWHFPHET0R7QH-yzVjv6yn0S7geQkhpTUeoIapWoZfpauCdXJSFl65feN2I3st6qImDAYp_ATg_TZLoZaO9SDPhPFTM6JZ4E8HnAttFWTy1R0YeLR2k3TtWgHeHPpRBr0r8DJ5nwK-FCdZ_zXcxci1BJ1KlMAEu6qlhM8DkgUECAQYAZIFBAgFGASgBgKAB7zYj5QCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQqJwB0ggJCIDhgBAQARgfgAoByAsB2BMM0BUBgBcBshccChoIABIUcHViLTU3MjA3NjMyNzE1MzIzNzcYAA&sigh=6vvvRma3K1Y&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=6125219520&adk=3585176026&adf=3636535385&pi=t.ma~as.6125219520&w=1200&fwrn=4&lmt=1639597317&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317601&bpp=1&bdt=239&idt=318&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200&correlator=8719168437898&frm=20&pv=1&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1139&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=7F0wDg2rEw&p=https%3A//www.threatminer.org&dtd=321
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 15 Dec 2021 19:41:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 CTA.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/ Frame 681B 1 KB
1 KB 9ms
9ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/CTA.png?1607436056177

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

166546432362a275af899542d876583bb41224b2c13cdf399bb1871edff5c5ab

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 73553
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1330
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Tue, 14 Dec 2021 23:16:05 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 14 Dec 2022 23:16:05 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1E39 119 KB
36 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 15 Dec 2021 19:41:58 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 1E39 15 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:39:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 134
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:39:44 GMT

GET
H3 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 1E39 27 KB
11 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2cc36b7e19b912c6d09739d2c3edbbb05a272be96736ae9fb0b0a70c2a331d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 15:46:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11415
x-xss-protection: 0
server: cafe
etag: 3382072337847676073
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 15:46:58 GMT

GET
H2 200 -3BXc4Df
pbs.twimg.com/card_img/1470883973509398537/ Frame 5D55 24 KB
24 KB 114ms
103ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1470883973509398537/-3BXc4Df?format=png&name=800x419

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CF8) /

Resource Hash

f1a5c62afaf2fe49a1885b10bc57bd0b1b14a59d9939bc0c4f9c8f4bad6ab6ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
x-content-type-options: nosniff
age: 75119
x-cache: HIT
content-length: 24299
x-response-time: 249
surrogate-key: card_img card_img/bucket/5 card_img/1470883973509398537
last-modified: Tue, 14 Dec 2021 22:28:41 GMT
server: ECS (mil/6CF8)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 1df7db76e41287f7ff3d50c1e38afc27082f0f6f53a02e36bacabadebe1d1acd
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 XYvHCYoc
pbs.twimg.com/card_img/1467648548628054017/ Frame 5D55 22 KB
22 KB 84ms
74ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1467648548628054017/XYvHCYoc?format=png&name=600x314

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CE5) /

Resource Hash

f6a8ee66594aca8034752c88745d4ab5c134408b2e0413e05477c176b111d0d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
x-content-type-options: nosniff
age: 223444
x-cache: HIT
content-length: 22774
x-response-time: 227
surrogate-key: card_img card_img/bucket/0 card_img/1467648548628054017
last-modified: Mon, 06 Dec 2021 00:12:16 GMT
server: ECS (mil/6CE5)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 7a0f1e62ede5da005c5dc0b0ddecf09a4ddd654b2980bb9d0ec4621ac5db4eb5
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 4sNPjrgO
pbs.twimg.com/card_img/1470722545187971077/ Frame 5D55 27 KB
27 KB 113ms
103ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1470722545187971077/4sNPjrgO?format=png&name=600x314

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CEE) /

Resource Hash

106f36a58408c097b1febcc9f0fe8fdf3dc79fb29b120f06e2172dcc1ac0c921

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
x-content-type-options: nosniff
age: 114382
x-cache: HIT
content-length: 27527
x-response-time: 248
surrogate-key: card_img card_img/bucket/4 card_img/1470722545187971077
last-modified: Tue, 14 Dec 2021 11:47:14 GMT
server: ECS (mil/6CEE)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 2476fd49c276601ed408f1803d0ae5aa3662b47efdd2e2640798b9976a8a81d1
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 AlUa5D4L
pbs.twimg.com/card_img/1468691943832043523/ Frame 5D55 46 KB
46 KB 51ms
42ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1468691943832043523/AlUa5D4L?format=jpg&name=600x314

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CEB) /

Resource Hash

7be5f63793eef79dfde6edc1d8e29918e831ac49766cdc8f03960efd1550fa74

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
x-content-type-options: nosniff
age: 598245
x-cache: HIT
content-length: 46803
x-response-time: 249
surrogate-key: card_img card_img/bucket/7 card_img/1468691943832043523
last-modified: Wed, 08 Dec 2021 21:18:21 GMT
server: ECS (mil/6CEB)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: ef2c9ce30e6dcb6dea6b575b21d8148455528df5b65573504aaae284f018fb97
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 1f448.png
abs.twimg.com/emoji/v2/72x72/ Frame 5D55 422 B
808 B 81ms
23ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f448.png

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F5D) /

Resource Hash

4dc8736a1f88ba8b83372678be7d33ec790a58f91125c1794c65219d533e891a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
x-content-type-options: nosniff
age: 11705130
x-ton-expected-size: 422
x-cache: HIT
content-length: 422
x-response-time: 11
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:28:34 GMT
server: ECAcc (frc/8F5D)
etag: "D3w7G3cLTZqaQU3X/K27SA=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 83b3b78cc1ee574c20cda106fac3e6e861c7431fb6281763a45ffdaec6140aa6
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
expires: Thu, 15 Dec 2022 19:41:58 GMT

GET
H2 200 qbQFoz91
pbs.twimg.com/card_img/1469527464997429250/ Frame 5D55 15 KB
15 KB 48ms
40ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1469527464997429250/qbQFoz91?format=jpg&name=600x314

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CF0) /

Resource Hash

93f3d1d5607792c347bdea9551f2ed80d56ceeaa90238657851d6402abadc7fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
x-content-type-options: nosniff
age: 398616
x-cache: HIT
content-length: 15324
x-response-time: 240
surrogate-key: card_img card_img/bucket/3 card_img/1469527464997429250
last-modified: Sat, 11 Dec 2021 04:38:24 GMT
server: ECS (mil/6CF0)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: b03b349e0695b819fa50e075bbf7af9ddaf48a08e1ddfdc424d6b9c5d3c04627
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 gD1-H9-0
pbs.twimg.com/card_img/1470750668986236930/ Frame 5D55 21 KB
21 KB 86ms
78ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1470750668986236930/gD1-H9-0?format=jpg&name=600x314

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CF8) /

Resource Hash

add3f714af0d16f350b850d0b281a64aaba19f3dc4b35a2917cc448deb6cc1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
x-content-type-options: nosniff
age: 107132
x-cache: HIT
content-length: 21576
x-response-time: 241
surrogate-key: card_img card_img/bucket/6 card_img/1470750668986236930
last-modified: Tue, 14 Dec 2021 13:38:59 GMT
server: ECS (mil/6CF8)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 0d3c6d3514c07619f11338afeef4c150362b9d416fbaef7adef7399e41be4263
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 vNgVRY9s
pbs.twimg.com/card_img/1468736448748789763/ Frame 5D55 26 KB
26 KB 63ms
61ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1468736448748789763/vNgVRY9s?format=jpg&name=600x314

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CE6) /

Resource Hash

edce17cae96873e2cf08323e45f8316b500e4596563b8c69b63e162250038e91

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
x-content-type-options: nosniff
age: 587919
x-cache: HIT
content-length: 26818
x-response-time: 261
surrogate-key: card_img card_img/bucket/2 card_img/1468736448748789763
last-modified: Thu, 09 Dec 2021 00:15:11 GMT
server: ECS (mil/6CE6)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 8750634cd63f3b03db124140ba8fea2c792fdd5e9c2831740374b72d128223a2
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 1f602.png
abs.twimg.com/emoji/v2/72x72/ Frame 5D55 1 KB
1 KB 82ms
25ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f602.png

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F20) /

Resource Hash

c252a58367211c11d839155e50dc5e98551826c64b8d2e8d6267124c054ceae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
x-content-type-options: nosniff
age: 17406123
x-ton-expected-size: 1095
x-cache: HIT
content-length: 1095
surrogate-key: twitter-assets
last-modified: Wed, 21 Feb 2018 22:30:28 GMT
server: ECAcc (frc/8F20)
etag: "CskKXLmjEnqr5kggS5rnnQ=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: 7d2b3c02adf5ed28c9fb615762d414a7498ca74999e534a751eab550f53a1c59
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
expires: Thu, 15 Dec 2022 19:41:58 GMT

GET
H2 200 1f918.png
abs.twimg.com/emoji/v2/72x72/ Frame 5D55 603 B
766 B 80ms
24ms Image
image/png 2606:2800:233:8173:898f:63b3:95c3:79d2
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs.twimg.com/emoji/v2/72x72/1f918.png

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FD9) /

Resource Hash

13da23e323658067823edcbc9f6033522a57cbe4325eb72470ab93f6c77f5c38

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
x-content-type-options: nosniff
age: 16887997
x-ton-expected-size: 603
x-cache: HIT
content-length: 603
surrogate-key: twitter-assets
last-modified: Fri, 18 Jan 2019 20:57:56 GMT
server: ECAcc (frc/8FD9)
etag: "SabOq57Qub/blwNeQOJr5w=="
strict-transport-security: max-age=631138519
content-type: image/png
access-control-allow-origin: *
x-connection-hash: d386fa95aae0129ebb5b0d8a4a6fa226689308f114cec040b1dd6bb3532cc078
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
expires: Thu, 15 Dec 2022 19:41:58 GMT

GET
H2 200 dRWfxxeC
pbs.twimg.com/card_img/1470570618210848772/ Frame 5D55 24 KB
25 KB 42ms
41ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1470570618210848772/dRWfxxeC?format=jpg&name=600x314

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CDE) /

Resource Hash

558e624c6b2b348a585985d9204bf4c76539d9b66a40f9fb0c6c23d341f5468b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:58 GMT
x-content-type-options: nosniff
age: 138722
x-cache: HIT
content-length: 24904
x-response-time: 308
surrogate-key: card_img card_img/bucket/6 card_img/1470570618210848772
last-modified: Tue, 14 Dec 2021 01:43:31 GMT
server: ECS (mil/6CDE)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 0b030e730b5faaa396da929cb879c467c869096889fb65eff180ddc0c7509baa
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK timeline.2fcb295ab98c2ce26f4cca0d2b2d0f48.light.ltr.css
platform.twitter.com/css/ Frame 5D55 53 KB
12 KB 41ms
40ms Stylesheet
text/css 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/css/timeline.2fcb295ab98c2ce26f4cca0d2b2d0f48.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mil/6CE4) /
Resource Hash: 8a322ede0b619b9051fccbe2a1a31f402f416d45f92c245aafcbe75e42f6f2b2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:41:58 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Dec 2021 21:34:09 GMT
Server: ECS (mil/6CE4)
Age: 515736
Etag: "fb5a989a2b36d6be5344baad6a1936fd+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: text/css; charset=utf-8
Content-Length: 12144

GET
H/1.1 200
OK timeline.2fcb295ab98c2ce26f4cca0d2b2d0f48.light.ltr.css
platform.twitter.com/css/ 53 KB
53 KB 41ms
41ms Image
text/css 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform.twitter.com/css/timeline.2fcb295ab98c2ce26f4cca0d2b2d0f48.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mil/6CE4) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:41:58 GMT
Content-Encoding: gzip
Last-Modified: Thu, 02 Dec 2021 21:34:09 GMT
Server: ECS (mil/6CE4)
Age: 515736
Etag: "fb5a989a2b36d6be5344baad6a1936fd+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: text/css; charset=utf-8
Content-Length: 12144

GET
DATA 200
OK truncated
/ Frame CCEE 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55928bddbc936b71bb314de67ba3d00991412774fb24b247244bc6c952e64464

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 cta-branding.js Show response
cdn.taboola.com/demand-formats/cta-branding/ Frame 36D3 19 KB
6 KB 20ms
19ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/demand-formats/cta-branding/cta-branding.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211215-1-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a351fd92e5702efce917edb3a5fa5e15b0c2c01b05c72004d183ea3cd0ac8cc4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: n7qu5_m2oY3yYk8zx0ISQgopnHkiUO7s
content-encoding: gzip
etag: "103abcd7af0ff73c2bca84d874ada0e2"
age: 16106
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 6020
x-amz-id-2: YDx8ixBSqxXS2HZpjfRchhEsQtEd5TruO6mhwuG1kzUTpEjmOdZREYpGNBC7CY7+e3MBxBkFJ7Q=
x-served-by: cache-cdg20753-CDG
last-modified: Tue, 30 Nov 2021 12:15:08 GMT
server: AmazonS3
x-timer: S1639597319.897005,VS0,VE0
date: Wed, 15 Dec 2021 19:41:58 GMT
vary: Accept-Encoding
x-amz-request-id: DM4HW9MVZE6JK647
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript
abp: 50
x-cache-hits: 176605

GET
H2 200 cta-branding.css
cdn.taboola.com/demand-formats/cta-branding/ Frame 36D3 2 KB
1 KB 19ms
18ms Stylesheet
text/css 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/demand-formats/cta-branding/cta-branding.css
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211215-1-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8061c17ad6d7b8805745d8f136437acc8abe498fed1a01cec4d142b55def3c55

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: 8oi59FmV5lZnBSZug04yEHoBr2VIEPOj
content-encoding: gzip
etag: "44e0fb48ae5c8af459ee8102bcc39ee7"
age: 16105
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 702
x-amz-id-2: Hs6EZr/EArx6ocAQ5bjqQKjq52SnT6w/gdOoc/rFH+7hwG2YSgftgvlss6OmaZEiJ2/KIM5a3LU=
x-served-by: cache-cdg20753-CDG
last-modified: Tue, 30 Nov 2021 12:15:07 GMT
server: AmazonS3
x-timer: S1639597319.897041,VS0,VE0
date: Wed, 15 Dec 2021 19:41:58 GMT
vary: Accept-Encoding
x-amz-request-id: DM4NSDRWAZYDHD8M
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: text/css
abp: 50
x-cache-hits: 174359

GET
H2 200 tfa-eid.20211215-1-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ Frame 36D3 14 KB
5 KB 19ms
18ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/tfa-eid.20211215-1-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3d960434d20fce0cccb3e322162f4be302f45f67e3f7498a8792ba5a8b356ec3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: 8ZrJJ643qvhcp1tlvuMVvDKw2ZIP.HVa
content-encoding: gzip
etag: "fc9651aa9f7ccbd8fe7ecbd6db6a2576"
age: 4842
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 5061
x-amz-id-2: WXrbnhZapU7Fx0W2LdmV8czGzaX5WWIJMKdskdrUXmuT1auH3hYN9epsWdKU1EetWFYXyml3kVI=
x-served-by: cache-cdg20753-CDG
last-modified: Wed, 15 Dec 2021 10:13:12 GMT
server: AmazonS3
x-timer: S1639597319.898088,VS0,VE0
date: Wed, 15 Dec 2021 19:41:58 GMT
vary: Accept-Encoding
x-amz-request-id: 1W1KXMDMGRQVJ6AM
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 50
x-cache-hits: 43116

GET
H2 200 sha256.20211215-1-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ Frame 36D3 6 KB
3 KB 19ms
19ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/sha256.20211215-1-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6ee9558dd324e8fbd50417903c8cb1f5b37b6798310a8514c0c46de35f6b623d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: T5oeRdj5IIjw2xUwEY5d0rF54dwWiEv_
content-encoding: gzip
etag: "5074f4139cc735fff8aaacb66113eb3f"
age: 80
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 2590
x-amz-id-2: uq1u9T9AdF6eRI9Sr5x8hIDPSZKtIdEgf5GFu5TdnSZ4J8DtXAvxRfB6ICaJdxU/3uzOflp6BDg=
x-served-by: cache-cdg20753-CDG
last-modified: Wed, 15 Dec 2021 10:14:29 GMT
server: AmazonS3
x-timer: S1639597319.898803,VS0,VE0
date: Wed, 15 Dec 2021 19:41:58 GMT
vary: Accept-Encoding
x-amz-request-id: VHRM4DJ1XEX24HHF
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 50
x-cache-hits: 678

GET
H2 200 tb Show response
15.taboola.com/ Frame 36D3 4 KB
3 KB 181ms
172ms XHR
text/html 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://15.taboola.com/tb?oid=15&pubnm=disqus-widget-safetylevel20longtail09&unitType=226&tbloc=&pageType=text&pstn=%7B%22domain%22%3A%20%22https%3A%2F%2Fwww.threatminer.org%22%2C%20%22experiment%22%3A%20%22network_default%22%2C%20%22position%22%3A%20%22top%22%2C%20%22shortname%22%3A%20%22threatminer%22%2C%20%22variant%22%3A%20%22fallthrough%22%7D&uuip=&cisrf=https%3A%2F%2Fwww.threatminer.org%2F&cirf=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&encoded=1&uid=5b0d2eac-f762-40d4-b014-92a8157343f8-tuct8b3ca86&variant=0|478542&callback=TRC.videoTagCallbacks.videoCallback1&cb=1639597318906&tagid=&cntry=DE&platform=1&sesid=7380e0b1a61bdd35b741a52660598bc5&itemid=/sample.php&viewid=1639597318272&geolat=&geoing=&deviceifa=&appid=&sd=v2_7380e0b1a61bdd35b741a52660598bc5_5b0d2eac-f762-40d4-b014-92a8157343f8-tuct8b3ca86_1639597318_1639597318_CIi3jgYQktQ_GIDB9vzbLyABKAEwODib4wlAhIoQSPCs2QNQo-wQWABgAGiApKeijMutlDNwAA&ri=921abfd9656956dbaef918559a58a288&appname=&cdb=&gdprApplies=true&rid=&sii=2055554289249226850&oee=true&tpubid=1042962&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=&region=HE&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1003147&prcnt=&layer=
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211215-1-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e289900ed2e3fe1dd0519eafdd991aca46ae95154232ab83e4effd1d9b647139

Request headers

Referer: https://www.threatminer.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
content-encoding: gzip
access-control-allow-origin: https://www.threatminer.org
machineid: 1449
x-cache: MISS
xvid-debug: mrmr - :
x-served-by: cache-cdg20753-CDG
pragma: no-cache
server: nginx
x-timer: S1639597319.928708,VS0,VE150
vary: Accept-Encoding
content-type: text/html;charset=ISO-8859-1
via: 1.1 varnish
expires: Sat, 26 Jul 1997 05:00:00 GMT
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
link: <https://am-wf.taboola.com>; rel=preconnect
x-cache-hits: 0

GET
H2 200 userx.20211215-1-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ Frame 36D3 17 KB
5 KB 21ms
16ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20211215-1-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d972e761cb8263d1fb42c33e710975c1679ee2eba516e8ca6f2302b10cbc0cb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: GERRszwnSBiv4HnOP9dBLehraHOaaSmV
content-encoding: gzip
etag: "7201cd37ff9241e1f5b98d6825eac73d"
age: 42
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 5339
x-amz-id-2: PXDI2PXODDe5Xs57zkX8Ri+heZTzY2GlJGTxYsuv+UdB2vWaaBTjVa/CTd6nXhkJoPMayji0rKk=
x-served-by: cache-cdg20753-CDG
last-modified: Wed, 15 Dec 2021 10:12:54 GMT
server: AmazonS3
x-timer: S1639597319.928542,VS0,VE0
date: Wed, 15 Dec 2021 19:41:58 GMT
vary: Accept-Encoding
x-amz-request-id: R32034MRNYVQ6SKA
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 50
x-cache-hits: 70

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 530E 143 B
163 B 7ms
6ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=200&slotname=6125219520&adk=3585176026&adf=3636535385&pi=t.ma~as.6125219520&w=1200&fwrn=4&lmt=1639597317&rafmt=11&psa=0&format=1200x200&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317601&bpp=1&bdt=239&idt=318&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250%2C299x600%2C1182x200&correlator=8719168437898&frm=20&pv=1&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1139&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=7F0wDg2rEw&p=https%3A//www.threatminer.org&dtd=321

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 15 Dec 2021 19:02:20 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2378
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v27/ Frame CCEE 16 KB
16 KB 26ms
10ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%20Sans%3A400

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cce577471c2586f3e0c2518fff84a970d33f61491fb8c629341b86f238cf07c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:44:20 GMT
x-content-type-options: nosniff
age: 453458
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16692
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:32:10 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 10 Dec 2022 13:44:20 GMT

GET
H2 200 b38a6c54b37b6245c2741183d40e6b3b.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 36D3 8 KB
9 KB 20ms
17ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b38a6c54b37b6245c2741183d40e6b3b.png
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 162523b35a7ab39f1e12b85b48dc5dc53d51b867c4ac7490a6e1851f72f59b61

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 varnish, 1.1 varnish
age: 4134021
edge-cache-tag: 548326101841219537467387756674379334140,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 33
expiration: expiry-date="Fri, 05 Nov 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b38a6c54b37b6245c2741183d40e6b3b.png
content-length: 8544
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Tue, 05 Oct 2021 14:38:58 GMT
server: nginx
x-timer: S1639597319.957486,VS0,VE1
etag: "9dd11341fb4cc30e8aa7b2e985c0a87a"
x-served-by: cache-wdc5571-WDC, cache-dca12927-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame AB08
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

87ms
87ms

Document
text/html

2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 15 Dec 2021 19:41:59 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 15 Dec 2021 19:41:59 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 15 Dec 2021 19:41:59 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 97b2c47246ac240b4c707a5eb02e51d6.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 36D3 9 KB
10 KB 19ms
18ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/97b2c47246ac240b4c707a5eb02e51d6.jpg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: a804d039c3e5a8ce2adf20de56ee26ecf54f07c0a6a1c2c677b9d971580745f5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 varnish, 1.1 varnish
age: 148367
edge-cache-tag: 371231349368601501045916157343057483449,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag: 371231349368601501045916157343057483449,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 99
x-envoy-upstream-service-time: 162
expiration: expiry-date="Sat, 25 Dec 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/97b2c47246ac240b4c707a5eb02e51d6.jpg
content-length: 9198
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
last-modified: Wed, 24 Nov 2021 07:21:35 GMT
server: nginx
x-timer: S1639597319.957347,VS0,VE1
etag: "e6e226760dd83f230f0c6f5f1ad238c6"
x-served-by: cache-bwi5069-BWI, cache-dca17741-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1

GET
H2 200 670f74e7f0dbcfacfed2ed500da463f5.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 36D3 6 KB
7 KB 17ms
16ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/670f74e7f0dbcfacfed2ed500da463f5.png
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 14053ecb671ff488b7b8228571991f0bce2b091cdb3209415575029d76bd56c4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 varnish, 1.1 varnish
age: 1806491
edge-cache-tag: 490768624821855931895175027602589218109,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 35
expiration: expiry-date="Sat, 25 Dec 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/670f74e7f0dbcfacfed2ed500da463f5.png
content-length: 6104
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Wed, 24 Nov 2021 19:21:06 GMT
server: nginx
x-timer: S1639597319.957217,VS0,VE1
etag: "3c16ceb3633fb045b3ba7449aaae50f5"
x-served-by: cache-wdc5530-WDC, cache-dca17755-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 2c3e4218a9974d62.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//creator.skyneto.com/public/uploads/ Frame 36D3 6 KB
6 KB 18ms
17ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//creator.skyneto.com/public/uploads/2c3e4218a9974d62.png
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 8c28f43c738eebf695e54215e8bd2c7a15e7d357b74c14b46b6b98ee296814af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 varnish, 1.1 varnish
age: 1749938
edge-cache-tag: 500627394768150068980240346248597141906,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 1037
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//creator.skyneto.com/public/uploads/2c3e4218a9974d62.png
content-length: 5856
x-request-id: 12afb6b05ae18a2af07c8a41adf1b8c5
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Wed, 24 Nov 2021 14:33:20 GMT
server: nginx
x-timer: S1639597319.957333,VS0,VE1
etag: "7c65acbc9844af884be2581bcec2b5e5"
x-served-by: cache-dca17731-DCA, cache-dca17781-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1

GET
H2 200 497443b63ec997a4c446d3c751d9970c.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 36D3 4 KB
5 KB 18ms
18ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/497443b63ec997a4c446d3c751d9970c.jpg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 02bb1965d8a1debcb265725fa1972fca9d672b50c166fadece2890a37caecd9c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 2
date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 varnish, 1.1 varnish
age: 1239320
edge-cache-tag: 479673172897681819399237338885909140132,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 157
expiration: expiry-date="Fri, 10 Dec 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/497443b63ec997a4c446d3c751d9970c.jpg
content-length: 4606
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
last-modified: Tue, 09 Nov 2021 09:47:41 GMT
server: nginx
x-timer: S1639597319.958191,VS0,VE2
etag: "04ea3348fbe7e1b0e3807f580d9b7386"
x-served-by: cache-dca17764-DCA, cache-dca17729-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1

GET
H2 200 93c9785c12d1b5172b01dee4021896c6.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 36D3 10 KB
10 KB 21ms
19ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/93c9785c12d1b5172b01dee4021896c6.jpg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 2ccdc901f6b4db7fecff0e6ba92996377dc9c64e3e86d50b0e0f3856b58ad363

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 varnish, 1.1 varnish
age: 2685896
edge-cache-tag: 549895748257841493636353795109578571107,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 78
expiration: expiry-date="Sun, 05 Dec 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/93c9785c12d1b5172b01dee4021896c6.jpg
content-length: 9962
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
last-modified: Thu, 04 Nov 2021 16:46:18 GMT
server: nginx
x-timer: S1639597319.977714,VS0,VE1
etag: "38d63214bbe53009ed5ce48cb7aff51e"
x-served-by: cache-wdc5569-WDC, cache-dca17747-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 13fae930f1511440042131d1c383a08f.jpg
images.taboola.com/taboola/image/fetch/h_234,w_280,c_fill,g_xy_center,x_806,y_422/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 36D3 11 KB
12 KB 20ms
19ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/h_234,w_280,c_fill,g_xy_center,x_806,y_422/http%3A//cdn.taboola.com/libtrc/static/thumbnails/13fae930f1511440042131d1c383a08f.jpg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 26b81709cead177af8db90f5fc54e4e4614959f95be887b2ee0b3fa074afadf6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 15 Dec 2021 19:41:58 GMT
via: 1.1 varnish, 1.1 varnish
age: 3054684
edge-cache-tag: 357504345927185480692186729429478080039,449629175851469805965942215315888489632,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 99
x-envoy-upstream-service-time: 44
expiration: expiry-date="Thu, 02 Dec 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/h_234,w_280,c_fill,g_xy_center,x_806,y_422/http%3A//cdn.taboola.com/libtrc/static/thumbnails/13fae930f1511440042131d1c383a08f.jpg
content-length: 11466
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
last-modified: Mon, 01 Nov 2021 15:49:34 GMT
server: nginx
x-timer: S1639597319.977909,VS0,VE1
etag: "fdd3998206d256eb14c72dfb74e368e4"
x-served-by: cache-bwi5065-BWI, cache-dca17753-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H3 200 CTA_blanc.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/ Frame 681B 1 KB
1 KB 8ms
7ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/CTA_blanc.png?1607436056177

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

868295bb1ecfe7de3f367b2836344af8ca73478c6b5fa70591572fb29c50eda9

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 72434
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1330
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Tue, 14 Dec 2021 23:34:44 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 14 Dec 2022 23:34:44 GMT

GET
H2 200 pixel.gif
cdn.viglink.com/images/ 43 B
428 B 71ms
31ms Image
image/gif 2606:4700::6810:a40d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.viglink.com/images/pixel.gif?ch=1&rn=1.0398758431557646
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a40d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
cf-cache-status: HIT
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
server: cloudflare
age: 7
etag: "221d8352905f2c38b3cb2bd191d630b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=15, must-revalidate
content-length: 43
accept-ranges: bytes
cf-ray: 6be2270c0e366987-FRA
x-amz-request-id: PRWRG3QYDH9YWHTE
x-amz-id-2: gfRATvbujnOBmnaE036SleuMrB1J3wYii8FL2ug/NqP3Y1VaN+G8mIF/uoZEbuIpjItbtXD/Qe8=

GET
H2 200 pixel.gif
cdn.viglink.com/images/ 43 B
102 B 87ms
47ms Image
image/gif 2606:4700::6810:a40d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.viglink.com/images/pixel.gif?ch=2&rn=1.0398758431557646
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a40d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
cf-cache-status: HIT
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
server: cloudflare
age: 7
etag: "221d8352905f2c38b3cb2bd191d630b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=15, must-revalidate
content-length: 43
accept-ranges: bytes
cf-ray: 6be2270c0e386987-FRA
x-amz-request-id: PRWRG3QYDH9YWHTE
x-amz-id-2: gfRATvbujnOBmnaE036SleuMrB1J3wYii8FL2ug/NqP3Y1VaN+G8mIF/uoZEbuIpjItbtXD/Qe8=

GET
H2 200 AlUa5D4L
pbs.twimg.com/card_img/1468691943832043523/ Frame 5D55 46 KB
46 KB 38ms
38ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1468691943832043523/AlUa5D4L?format=jpg&name=600x314

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline.c7de492113f2eac2bb49ff9013aa2889.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CEB) /

Resource Hash

7be5f63793eef79dfde6edc1d8e29918e831ac49766cdc8f03960efd1550fa74

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
x-content-type-options: nosniff
age: 598246
x-cache: HIT
content-length: 46803
x-response-time: 249
surrogate-key: card_img card_img/bucket/7 card_img/1468691943832043523
last-modified: Wed, 08 Dec 2021 21:18:21 GMT
server: ECS (mil/6CEB)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: ef2c9ce30e6dcb6dea6b575b21d8148455528df5b65573504aaae284f018fb97
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 qbQFoz91
pbs.twimg.com/card_img/1469527464997429250/ Frame 5D55 15 KB
15 KB 40ms
40ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1469527464997429250/qbQFoz91?format=jpg&name=600x314

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/js/moment~timeline.c7de492113f2eac2bb49ff9013aa2889.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CF0) /

Resource Hash

93f3d1d5607792c347bdea9551f2ed80d56ceeaa90238657851d6402abadc7fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
x-content-type-options: nosniff
age: 398617
x-cache: HIT
content-length: 15324
x-response-time: 240
surrogate-key: card_img card_img/bucket/3 card_img/1469527464997429250
last-modified: Sat, 11 Dec 2021 04:38:24 GMT
server: ECS (mil/6CF0)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: b03b349e0695b819fa50e075bbf7af9ddaf48a08e1ddfdc424d6b9c5d3c04627
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 3UAW7s5h_normal.png
pbs.twimg.com/profile_images/653471756741685248/ Frame 5D55 5 KB
5 KB 45ms
44ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/653471756741685248/3UAW7s5h_normal.png

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CE6) /

Resource Hash

a98187a68b2512ba8073f68fb559db3b672ad9a36459d74af942d8bb4ed3278f

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
x-content-type-options: nosniff
age: 187201
x-cache: HIT
content-length: 5151
x-response-time: 123
surrogate-key: profile_images profile_images/bucket/7 profile_images/653471756741685248
last-modified: Mon, 12 Oct 2015 07:24:22 GMT
server: ECS (mil/6CE6)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: e01c8ea97bc36ac4137d32a51ed6353d58b52b9dc7f6d463c77d44dc61acb571
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 OlJn-TuS_normal.png
pbs.twimg.com/profile_images/1467890050100867073/ Frame 5D55 5 KB
5 KB 44ms
43ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1467890050100867073/OlJn-TuS_normal.png

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CEE) /

Resource Hash

b5b5ac05e504c27acdc9053687d1b47858ea17971559b922fe52682fc9184baf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
x-content-type-options: nosniff
age: 185257
x-cache: HIT
content-length: 4923
x-response-time: 117
surrogate-key: profile_images profile_images/bucket/4 profile_images/1467890050100867073
last-modified: Mon, 06 Dec 2021 16:11:54 GMT
server: ECS (mil/6CEE)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 09fe87d8e151ba00ac53be1fe76be1af6126184245a4b1819d8ecfe3c4782c3a
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 5q1AbFXy_normal.jpg
pbs.twimg.com/profile_images/1346196937985433601/ Frame 5D55 2 KB
2 KB 45ms
44ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1346196937985433601/5q1AbFXy_normal.jpg

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CEE) /

Resource Hash

91b4ac439a88193b25a302f46fc9a2b0c5455ca4b1f30b7406a541fbc6201200

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
x-content-type-options: nosniff
age: 137285
x-cache: HIT
content-length: 2263
x-response-time: 115
surrogate-key: profile_images profile_images/bucket/0 profile_images/1346196937985433601
last-modified: Mon, 04 Jan 2021 20:46:55 GMT
server: ECS (mil/6CEE)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 43496348ad0d529779abcc5b439ed8dea51ffe01fed427f7c9ce091686bca2dd
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 bMS2a9P1_normal.jpg
pbs.twimg.com/profile_images/1294860240299728897/ Frame 5D55 2 KB
2 KB 45ms
44ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1294860240299728897/bMS2a9P1_normal.jpg

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CED) /

Resource Hash

91ccad943b75171869dacbe5c42de58887b92a1d9fbc567651ade87e7193984d

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
x-content-type-options: nosniff
age: 219105
x-cache: HIT
content-length: 1883
x-response-time: 116
surrogate-key: profile_images profile_images/bucket/5 profile_images/1294860240299728897
last-modified: Sun, 16 Aug 2020 04:53:13 GMT
server: ECS (mil/6CED)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: c7b035656dd87a52fcd158b9222275c2cb847cf23186b1e3735b797d72763be2
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 XHt2EJFn_normal.jpg
pbs.twimg.com/profile_images/753748648085848065/ Frame 5D55 2 KB
2 KB 40ms
39ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/753748648085848065/XHt2EJFn_normal.jpg

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CF8) /

Resource Hash

5a7b3090bd9f8835e6add21f9c4e519a19af8fcedb40d3e9488d0e5e23a2fe36

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
x-content-type-options: nosniff
age: 115602
x-cache: HIT
content-length: 1807
x-response-time: 118
surrogate-key: profile_images profile_images/bucket/0 profile_images/753748648085848065
last-modified: Fri, 15 Jul 2016 00:28:56 GMT
server: ECS (mil/6CF8)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: c9cc721f459659a7e1611a6708e8222ae878a394348391647d940037d9afd655
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 xWoK6KuP_normal.jpg
pbs.twimg.com/profile_images/1463883343079088138/ Frame 5D55 2 KB
2 KB 42ms
41ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1463883343079088138/xWoK6KuP_normal.jpg

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CF8) /

Resource Hash

70f157c3fb7e1d05c83d4f8f269d9c6b67203e37863329eefc5202b97af308cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
x-content-type-options: nosniff
age: 535004
x-cache: HIT
content-length: 2035
x-response-time: 186
surrogate-key: profile_images profile_images/bucket/3 profile_images/1463883343079088138
last-modified: Thu, 25 Nov 2021 14:50:41 GMT
server: ECS (mil/6CF8)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 9e2b2ac12d5c9b7706cd593494aaea62a6d28bd10a64aba418acd3bacf65bc79
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 5MAHUhST_normal.jpg
pbs.twimg.com/profile_images/1367943482053115905/ Frame 5D55 2 KB
2 KB 40ms
39ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1367943482053115905/5MAHUhST_normal.jpg

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CFA) /

Resource Hash

28350b1ee2c38c7a5eb134d520dedd01ab578d81c2ebe814e63e5d212c6ab1f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
x-content-type-options: nosniff
age: 379887
x-cache: HIT
content-length: 2111
x-response-time: 112
surrogate-key: profile_images profile_images/bucket/0 profile_images/1367943482053115905
last-modified: Fri, 05 Mar 2021 20:59:55 GMT
server: ECS (mil/6CFA)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: d8a12653ea8a604b0163355830fc72cc5113fed646d44466ba41b641977e6a85
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 Zpfst2wh_normal.jpg
pbs.twimg.com/profile_images/1165118373585403904/ Frame 5D55 2 KB
2 KB 39ms
38ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1165118373585403904/Zpfst2wh_normal.jpg

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CF5) /

Resource Hash

999a740fc678f340320d75cf6083acc26c1d005b81d6819cc3af4598b328d503

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
x-content-type-options: nosniff
age: 264251
x-cache: HIT
content-length: 1959
x-response-time: 110
surrogate-key: profile_images profile_images/bucket/6 profile_images/1165118373585403904
last-modified: Sat, 24 Aug 2019 04:25:21 GMT
server: ECS (mil/6CF5)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: fa8cbc64f80e433188a058511cff4d82803a9fa48b2fe1d9d4945f64f77f1c81
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 0YdvRUp3_normal.jpg
pbs.twimg.com/profile_images/1233771657581547523/ Frame 5D55 2 KB
2 KB 62ms
61ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1233771657581547523/0YdvRUp3_normal.jpg

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CDF) /

Resource Hash

1de1b94f2eb27f99f30e3a3afdfc9db5333cca95520d2342b73ee5db60fd8bae

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
x-content-type-options: nosniff
age: 6597
x-cache: MISS
content-length: 1959
x-response-time: 180
surrogate-key: profile_images profile_images/bucket/0 profile_images/1233771657581547523
last-modified: Sat, 29 Feb 2020 15:09:00 GMT
server: ECS (mil/6CDF)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 3914489eb99332c1e1ea576e218ef8be086c0873fb3dfccb7a11f09d5b2255d8
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 PpXyevIF_normal.jpg
pbs.twimg.com/profile_images/817871248063610881/ Frame 5D55 2 KB
2 KB 42ms
42ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/817871248063610881/PpXyevIF_normal.jpg

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CF6) /

Resource Hash

605eefd6f113ffc50e197d237861a4fbfefc52a781370ed5ad047e2e32632091

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
x-content-type-options: nosniff
age: 599415
x-cache: HIT
content-length: 1883
x-response-time: 123
surrogate-key: profile_images profile_images/bucket/9 profile_images/817871248063610881
last-modified: Sat, 07 Jan 2017 23:09:15 GMT
server: ECS (mil/6CF6)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 723106a5859c36a302783520de0da1dbd72e3ea17b5cb22350073e95ecc7909c
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 E520b31VIAMiSRo
pbs.twimg.com/media/ Frame 5D55 37 KB
38 KB 41ms
41ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/E520b31VIAMiSRo?format=jpg&name=small

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CF5) /

Resource Hash

bdb581fa06f3f03a95aabe175a9d30c381faaf15cc34c35a0ff4c5cc13c45f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
x-content-type-options: nosniff
age: 213487
x-cache: HIT
content-length: 38316
x-response-time: 108
surrogate-key: media media/bucket/3 media/1413484249001304067
last-modified: Fri, 09 Jul 2021 13:02:40 GMT
server: ECS (mil/6CF5)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 275d91be14f908b93dd221ac7afa2e39a3882dd594f564cc4b4fe5b09c77ab46
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 EJQs_KmUcAAujwA
pbs.twimg.com/media/ Frame 5D55 31 KB
31 KB 53ms
51ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/EJQs_KmUcAAujwA?format=jpg&name=small

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CE5) /

Resource Hash

058b7f33a61ef0de50995d1e74f6d171f0923c3305824a47bf588c6c4cf2fd8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
x-content-type-options: nosniff
age: 344835
x-cache: HIT
content-length: 31653
x-response-time: 109
surrogate-key: media media/bucket/9 media/1194629264848482304
last-modified: Wed, 13 Nov 2019 14:51:06 GMT
server: ECS (mil/6CE5)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 4285de971385a65c6c997170e082ca818488a67873077b819653f1d47d149a77
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 D2wzfrBX4AEGE9H
pbs.twimg.com/tweet_video_thumb/ Frame 5D55 3 KB
3 KB 52ms
50ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/tweet_video_thumb/D2wzfrBX4AEGE9H?format=jpg&name=small

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CEF) /

Resource Hash

3d56f2bc68d9d190a05df1dc24bd2653eaff3c20660fa4e8b4fda71ebd8ada64

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
x-content-type-options: nosniff
age: 343536
x-cache: HIT
content-length: 3024
x-response-time: 115
surrogate-key: tweet_video_thumb tweet_video_thumb/bucket/1 tweet_video_thumb/1111319827271114753
last-modified: Thu, 28 Mar 2019 17:29:08 GMT
server: ECS (mil/6CEF)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: adb0d2004cfc6fc3ffc1f0b918f71f7c60a8c3cd175909f07300031dc2b512e1
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 D1ErO9GW0AQ_Cn_
pbs.twimg.com/tweet_video_thumb/ Frame 5D55 4 KB
4 KB 54ms
51ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/tweet_video_thumb/D1ErO9GW0AQ_Cn_?format=jpg&name=small

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CF6) /

Resource Hash

0df35dc4906a0b5425ab3e2dd3e7b4aee3c01734f8966c3f38aade193df6bbca

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
x-content-type-options: nosniff
age: 343535
x-cache: HIT
content-length: 4144
x-response-time: 113
surrogate-key: tweet_video_thumb tweet_video_thumb/bucket/9 tweet_video_thumb/1103710919601868804
last-modified: Thu, 07 Mar 2019 17:34:03 GMT
server: ECS (mil/6CF6)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 2d1a5d3f05b94f47734ec8147670b5e101b603d09b7b3f7097f4cfe6a63bd1ed
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 D05-zlYXgAUGuMn
pbs.twimg.com/media/ Frame 5D55 43 KB
43 KB 58ms
56ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/D05-zlYXgAUGuMn?format=jpg&name=small

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (mil/6CF6) /

Resource Hash

4a2266339c6f702080a356cb4823f95f42dfb25eb49dc3b5f6d56711761379a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
x-content-type-options: nosniff
age: 460854
x-cache: HIT
content-length: 43575
x-response-time: 107
surrogate-key: media media/bucket/5 media/1102958383425093637
last-modified: Tue, 05 Mar 2019 15:43:45 GMT
server: ECS (mil/6CF6)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: f8c01d85f101c9d695d47a3354f54b7dba31f8bbb09f9ad4a05594c6abe42bc3
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
DATA 200
OK truncated
/ Frame 1E39 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bdf5181c852e0b65e1f2fc47c0ed65d67785469ef79d3e429f53c917e95e12fe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js Show response
pagead2.googlesyndication.com/bg/ Frame 681B 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 13:27:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 108887
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13577
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 14 Dec 2022 13:27:12 GMT

GET
H2 200 syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
ton.twimg.com/tfw/css/ Frame 5D55 44 KB
7 KB 154ms
38ms Stylesheet
text/css 2606:2800:233:7ee2:97c:ab4c:6c70:be36
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:7ee2:97c:ab4c:6c70:be36 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (mil/6C76) /

Resource Hash

a549034009f79ead18a2154a8b730d8acb61e2f36c0434c0f9cff0f73df5d8cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 544850
x-ton-expected-size: 45170
x-cache: HIT
vary: Accept-Encoding
content-length: 6839
x-response-time: 6
surrogate-key: tfw
last-modified: Tue, 14 May 2019 18:53:54 GMT
server: ECAcc (mil/6C76)
etag: "4mhImCFS9rptiUICNnLD1g=="
strict-transport-security: max-age=631138519
content-type: text/css
access-control-allow-origin: *
x-connection-hash: 33dcb5d9374f592ffd4a35d6b87a14985d5ac2f1cd6efe8ee148f2d40a35230f
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
expires: Wed, 22 Dec 2021 19:41:59 GMT

GET
H2 200 syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
ton.twimg.com/tfw/css/ 44 KB
44 KB 156ms
41ms Image
text/css 2606:2800:233:7ee2:97c:ab4c:6c70:be36
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:7ee2:97c:ab4c:6c70:be36 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (mil/6C76) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 544850
x-ton-expected-size: 45170
x-cache: HIT
vary: Accept-Encoding
content-length: 6839
x-response-time: 6
surrogate-key: tfw
last-modified: Tue, 14 May 2019 18:53:54 GMT
server: ECAcc (mil/6C76)
etag: "4mhImCFS9rptiUICNnLD1g=="
strict-transport-security: max-age=631138519
content-type: text/css
access-control-allow-origin: *
x-connection-hash: 33dcb5d9374f592ffd4a35d6b87a14985d5ac2f1cd6efe8ee148f2d40a35230f
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
expires: Wed, 22 Dec 2021 19:41:59 GMT

GET
H3 200 U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js Show response
pagead2.googlesyndication.com/bg/ Frame 6CEA 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 13:27:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 108887
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13577
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 14 Dec 2022 13:27:12 GMT

GET
H3 200 logo1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/ Frame 681B 1 KB
1 KB 16ms
16ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/logo1.png?1607436056177

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8608afd205f591ed8e56ade592dae129c7836fdb91d1259868f0645fea9ca6a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 477490
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1070
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Fri, 10 Dec 2021 07:03:49 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 10 Dec 2022 07:03:49 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b38a6c54b37b6245c2741183d40e6b3b.png
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 162523b35a7ab39f1e12b85b48dc5dc53d51b867c4ac7490a6e1851f72f59b61

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 4134021
edge-cache-tag: 548326101841219537467387756674379334140,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 33
expiration: expiry-date="Fri, 05 Nov 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/b38a6c54b37b6245c2741183d40e6b3b.png
content-length: 8544
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Tue, 05 Oct 2021 14:38:58 GMT
server: nginx
x-timer: S1639597319.099393,VS0,VE0
etag: "9dd11341fb4cc30e8aa7b2e985c0a87a"
x-served-by: cache-wdc5571-WDC, cache-dca12927-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/97b2c47246ac240b4c707a5eb02e51d6.jpg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: a804d039c3e5a8ce2adf20de56ee26ecf54f07c0a6a1c2c677b9d971580745f5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 148367
edge-cache-tag: 371231349368601501045916157343057483449,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag: 371231349368601501045916157343057483449,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 99
x-envoy-upstream-service-time: 162
expiration: expiry-date="Sat, 25 Dec 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/97b2c47246ac240b4c707a5eb02e51d6.jpg
content-length: 9198
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
last-modified: Wed, 24 Nov 2021 07:21:35 GMT
server: nginx
x-timer: S1639597319.099413,VS0,VE0
etag: "e6e226760dd83f230f0c6f5f1ad238c6"
x-served-by: cache-bwi5069-BWI, cache-dca17741-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/670f74e7f0dbcfacfed2ed500da463f5.png
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 14053ecb671ff488b7b8228571991f0bce2b091cdb3209415575029d76bd56c4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 1806491
edge-cache-tag: 490768624821855931895175027602589218109,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 35
expiration: expiry-date="Sat, 25 Dec 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/670f74e7f0dbcfacfed2ed500da463f5.png
content-length: 6104
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Wed, 24 Nov 2021 19:21:06 GMT
server: nginx
x-timer: S1639597319.103143,VS0,VE0
etag: "3c16ceb3633fb045b3ba7449aaae50f5"
x-served-by: cache-wdc5530-WDC, cache-dca17755-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//creator.skyneto.com/public/uploads/2c3e4218a9974d62.png
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 8c28f43c738eebf695e54215e8bd2c7a15e7d357b74c14b46b6b98ee296814af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 1749938
edge-cache-tag: 500627394768150068980240346248597141906,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 1037
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//creator.skyneto.com/public/uploads/2c3e4218a9974d62.png
content-length: 5856
x-request-id: 12afb6b05ae18a2af07c8a41adf1b8c5
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Wed, 24 Nov 2021 14:33:20 GMT
server: nginx
x-timer: S1639597319.125368,VS0,VE0
etag: "7c65acbc9844af884be2581bcec2b5e5"
x-served-by: cache-dca17731-DCA, cache-dca17781-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/497443b63ec997a4c446d3c751d9970c.jpg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 02bb1965d8a1debcb265725fa1972fca9d672b50c166fadece2890a37caecd9c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 1239320
edge-cache-tag: 479673172897681819399237338885909140132,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 157
expiration: expiry-date="Fri, 10 Dec 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/497443b63ec997a4c446d3c751d9970c.jpg
content-length: 4606
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
last-modified: Tue, 09 Nov 2021 09:47:41 GMT
server: nginx
x-timer: S1639597319.126960,VS0,VE0
etag: "04ea3348fbe7e1b0e3807f580d9b7386"
x-served-by: cache-dca17764-DCA, cache-dca17729-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/93c9785c12d1b5172b01dee4021896c6.jpg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 2ccdc901f6b4db7fecff0e6ba92996377dc9c64e3e86d50b0e0f3856b58ad363

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 2685896
edge-cache-tag: 549895748257841493636353795109578571107,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 78
expiration: expiry-date="Sun, 05 Dec 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/93c9785c12d1b5172b01dee4021896c6.jpg
content-length: 9962
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
last-modified: Thu, 04 Nov 2021 16:46:18 GMT
server: nginx
x-timer: S1639597319.127040,VS0,VE0
etag: "38d63214bbe53009ed5ce48cb7aff51e"
x-served-by: cache-wdc5569-WDC, cache-dca17747-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 2

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f42b6c9dab0b73174621c0daba5d82d4f2d841fed05a3784952e660b13fb78b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 adview.htm
rt3025.infolinks.com/action/ 0
186 B 144ms
142ms Image
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rt3025.infolinks.com/action/adview.htm?rid=4805290f-2269-4720-b333-89ec78b6b13f&bdc=1&midx=0&emd=ODgzfjM5NDFfNzg4Mjc4MTV-Nzg4Mjc4MTU&rts=1639597319090&prod_t=d&jsv=1769.027-3.025&skin=sidebar&theme=lightBlue&sdata=net&scs=lqmGBxHvwH&rsd=XHhha1PQomVG8Q7PLfNlrIrRPlbWXf_DrdK7MtNS91STfXUZIxsh8r-hS6UyPULhDojTt8B4ZwWpRK3PekCBlQZcDEwbdAj_d_LnZ8anFN8oQDA6pOYddEezQzPAiA0YFxNa8wxQEssB7b0Knd317aXGykPN_0C_&rsk=40&rcs=SWNx7Ohs4tU8NOMr-mVPYg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:59 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: text/html;charset=UTF-8
cache-control: no-cache,no-store
cf-ray: 6be2270c9de554e1-MAN
content-length: 0
x-application-context: application:prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 UnitWidgetItemDesktop.min.js Show response
vidstat.taboola.com/lite-unit/1.4.0/ Frame 36D3 79 KB
24 KB 20ms
17ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/lite-unit/1.4.0/UnitWidgetItemDesktop.min.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211215-1-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e92552bc193c8bae835c7b6db6eea8a39593fa14fb75a227f738c415330cc84e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 2ba5677785db2f66bc73820b2a261477.cloudfront.net (CloudFront), 1.1 varnish
age: 2401819
x-cache: Miss from cloudfront, HIT
content-encoding: gzip
content-length: 23743
x-served-by: cache-cdg20753-CDG
last-modified: Tue, 31 Mar 2020 13:14:35 GMT
server: AmazonS3
x-timer: S1639597319.146873,VS0,VE0
etag: "b683c290896a82c974838a04b4ea4aff"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: CDG50-P2
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: 3T8Zs_rJdhtrCy8BaVvHNzQpNR_P2g1lGfBOV7Gay0se3VtljH82pA==
x-cache-hits: 33123

GET
H/1.1 200
OK ab Show response
lax1-ib.adnxs-simple.com/ Frame 17A4 15 KB
7 KB 506ms
183ms Script
application/javascript 104.254.148.196
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://lax1-ib.adnxs-simple.com/ab?an_audit=0&referrer=www.threatminer.org&e=wqT_3QK4KWy4FAAAAwDWAAUBCIaK6Y0GEPHLt6KDkoOtHhj_EQF4ASo2CW6-Ed2zrpE_EVVd0fdkD44_GQAAAOCjcBlAIRESACkRJNAxAAAAgD0Ktz8wspn5CDizGUDlHkhlUKeiyyVYnMuFAWAAaJ3JnAF46t4FgAEBigEDVVNEkgUG9F4BmAHYBaABWqgBAbABALgBAsABBcgBAtABANgBAOABAPABALICATDYAqRD4ALq-SXqAhN3d3cudGhyZWF0bWluZXIub3Jn8gIMCgZIRUlHSFQSAjkw8gIMCgVXSURUSBIDNzI48gIhCgZMT0FERVISF3JlbmRlcl9wb3N0X2Fkc192MS5odG1s8gIYCgpJRlJBTUVfS0VZEgoxMjk4NDQ2ODE58gKiDwoLUFJFX1NDUklQVFMSkg88c2NyaXB0PihmdW5jdGlvbigpey8qCgogQ29weXJpZ2h0IFRoZSBDbG9zdXJlIExpYnJhcnkgQXV0aG9ycy4KIFNQRFgtTGljZW5zZS1JZGVudGlmaWVyOiBBcGFjaGUtMi4wCiovCnZhciBoPXRoaXN8fHNlbGY7LyoKCiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMAoqLwpmdW5jAZxgIGsoYil7a1siICJdKGIpO3JldHVybiBifQkTED1mdW5jASjwUigpe307dmFyIG09UmVnRXhwKCJeaHR0cHM_Oi8vKFxcd3wtKStcXC5jZG5cXC5hbXBwcm9qZWN0XFwuKG5ldHxvcmcpKFxcP3wvfCQpIik7CmZ1CVkAIAFbAVkIYj1oBWEMYz1bXQUJIGU9bnVsbDtkbwUfGGE9Yjt0cnkFDCxkO2lmKGQ9ISFhJiYBJBwhPWEubG9jYQGpIC5ocmVmKWI6ewEtkGsoYS5mb28pO2Q9ITA7YnJlYWsgYn1jYXRjaChsKXt9ZD0hMX0BfQhnPWQZFwBnARYQaWYoZykFbgBmPl4AODtlPWEuZG9jdW1lbnQmJhkMKC5yZWZlcnJlcnx8AZckfWVsc2UgZj1lLA3LTGMucHVzaChuZXcgcChmfHwiIikpBdUkYj1hLnBhcmVudBmGAGIF__BAfX13aGlsZShiJiZhIT1iKTthPTA7Zm9yKGI9Yy5sZW5ndGgtMTthPD1iOysrYSljW2FdLmRlcHRoPWItYTthPWghKzkeAa41KjhhbmNlc3Rvck9yaWdpbnNuHAANawA9HXUAKQmGDDE7YjwRikw7KytiKWY9Y1tiXSxmLnVybHx8KAUILkIBOnYAFFtiLQoxXSEMGCxmLmg9ITAB4ykiAGgZqyHVFCwhMSk7ZiUWJQIEZT0yBAEgMDw9ZTstLWUpIbpEPWNbZV0sIWYmJm0udGVzdChnAY8gKSYmKGY9ZyksBQ4oJiYhZy5oKXthPWdJGwB9DV0AZRXmBCYmAcwBOwQ7MEFlAGQhWggmJmUFSAEbCCk7YwWtEHEoYSxmdT4UYy5nP2MuBWUMOmMuaQFAAH1xSTQgcShiLGMpe3RoaXMuaUHVAQkIZz1jGSIAcB0iCHVybBEkFGg9ISFjOwUvBYglCgR9OxVZBHIoSbCIYj1uKCksYz1iLmluZGV4T2YoIj8iKTtzZXRUaW1lb3V0KGZ51UH9RGU9dm9pZCAwPT09ZT8uMDE6ZUE1RCEoTWF0aC5yYW5kb20oKT5lKQlfBGE9UfsMLmN1ckG0KFNjcmlwdDthPShhGUoEYT9hA6A6YSkmJiI3NyI9PT1hLmdldEF0dHJpYnV0ZSgiZGF0YS1qYyIpP2E6ZG1OQC5xdWVyeVNlbGVjdG9yKCdbDSUAPQFEGF0nKTtlPSKFd1g6Ly9wYWdlYWQyLmdvb2dsZXN5bmRpY4kDCGNvbQ0ekC9nZW5fMjA0P2lkPWpjYSZqYz03NyZ2ZXJzaW9uPSIrKGEmJmFWmAAALQ0mkCIpfHwidW5rbm93biIpKyImc2FtcGxlPSIrZTthPXdpbmRvdzshR42WMGEubmF2aWdhdG9yKWQuDgBQLnVzZXJBZ2VudCxkPS9DaHJvbWUvSZ4gZCkmJiEvRWRnGREcPyEwOiExO2RhlhVRMC5zZW5kQmVhY29uPwodaR0YFChlKTooYS0VQF9pbWFnZV9yZXF1ZXN0c3x8XhoAED1bXSksAa4x3AQsZDnLBGQ_ERY8OmQsZD1kLmNyZWF0ZUVsZaEBPCgiaW1nIiksZC5zcmM9ZSxafACJ-xhkKSl9fSwwdSpcMDw9Yz9iLnN1YnN0cmluZygwLGMpOmJ9KVcMLnJmbC6CBs2dgGVuY29kZVVSSUNvbXBvbmVudChyKCkpfTt9KS5jYWxsKGEkECk7Cjwv7Ypo8gLJAgoKRVhUUkFfVEFHUxK6AjxkaXYgc3R5IckMcG9zacE7ZDogYWJzb2x1dGU7IGxlZnQ6IDBweDsgdG9wDQpkdmlzaWJpbGl0eTogaGlkZGVuOyI-PGltZyAB--KZAhRhd2JpZCYFBvCGX2I9QUtBbWYtRE5Ia2ltTXpBQVFubVl3S0ZVMWsydm5mWEhsTUFoYkJQNjZZbmVSbU54M0ZDTGFkVXlmaGMyc19VOTc2WkdYQ20xN0xCcUJvd1RWSDViVHJ0S2ZmRTluYmNjNXciIGJvcmRlcj0wIHdpZHRoPTEgaGVpZ2h0PTEgYWx0PSIiMRqoZGlzcGxheTpub25lIj48L2Rpdj7yApoBCgxQT1NUX1NDUklQVFMSiQE8c4UENggBaZlQYWRzLmcuZG91YmxlY2xpY2submV0cZ88eGJmZV9iYWNrZmlsbC5qcwFlLbUNUy5HCSgge3IzcHgoJzEyORqACRwnKTt9KSgpOz3rEJwPChBIAZ40UE9SVF9QQVJBTVMShw-RNoqVAPB9YWRmZXRjaD9hZGs9NDE1MjA0ODAyMSZhZHNhZmU9bWVkaXVtJmNsaWVudD1jYS1wdWItMzA3Njg5MDAxMjc0MTQ2NyZmb3JtYXQ9NzI4eDkwX2FzJmlwPTE4NS4yMzIuMjMuMCZvdXRwdXQ9aHRtbCZ1bnZpZXdlZF9wb3NpQYogX3N0YXJ0PTEmof8Ad0bUChAmc3ViXw2CAGJBifB9ci00OTgyNDIyJmhsPWRlJmFjZWlkPU1ERFU1Z0Q1VlRRQmttQTBBUzlqTkFHU2JUUUJzVzQwQWVWdU5BR25ielFCd204MEFSUndOQUVlY0RRQlhuQTBBWXR3TkFHMWNEUUIzWEEwQVE1eE5BRlVjVFFCVlhFMEFXWnhOQUY0ARAsaDNFMEFhQnhOQUdqARAsdFhFMEFkRnhOQUhTBRD0XAgyeEJBVXR6UVFGVGMwRUJ0QjFjQWpqSVhBTFc5b2dDUWZlSUFyTDNpQUo1UUtvQ0owS3FBaWhDcWdKc1c2b0NmbUtxQW1kb3FnSjZjNm9DX25pcUF1SjdxZ0x1aHFvQ2pZcXFBb0NicWdLQm02b0NncHVxQWhhbnFnS2xwNm9Db3FpcUF0NnJxZ0lzcktvQ0hLNnFBaDZ1cWdLVnI2b0NkN0NxQW5td3FnS0FzS29DZ3JDcUFvbXdxZ0toczZvQ3RyU3FBc2UxcWdKVHVxb0NyOENxQXV6QnFnTFd6S29DS00ycUFqTE9xZ0pOenFvQ3U4NnFBczdUcWdKTjFhb0NTZGFxQXBQWHFnSXMyS29DajlpcUFqN1pxZ0o5MmFvQ2U5cXFBaDdicWdLYTNLb0NyZHlxQWtfZHFnSW8zcW9DTnQ2cUFsWGVxZ0o5M3FvQ29kNnFBc2JlcWdMbDNxb0NrLUtxQXRUaXFnSmo0Nm9DOXVPcUF2dmtxZ0tnNWFvQzR1V3FBZ2ZucWdKczZLb0MzdWlxQW83cXFnSzI2cW9DOC11cUFrYnNxZ0tVN0tvQ24teXFBa3Z0cWdKajdhb0NQTzZxQXJ6WXRnZjgxMzhJMFlZakNxM09aUTVadGZzU0ljWDdFZ2JKLXhKT3pmc1N6dEg3RXJ2Yy14TDU1ZnNTQk9yN0VrcnIteEo3Nl9zU3AtdjdFaUhzLXhLQTdQc1NpdXo3RW1idC14Snk3ZnNTNE8zN0VoRHcteEpBOFBzU2xtWmtFLWxiMEJPY3l4d1k5MVpyR2tnZnJCdUd2UDhqV3dDU0tkZk90UzRwSXZwQzlqLWZUQSZleGs9MTI5ODQ0NjgxOSZhd2JpZF9jPUFLQW1mLURVcmFvbjdaZk4zQ2pGaGZ1MWRyYjFEazktT2xxcGRKRFZPejhWbWJFeDU2NEtTZVZ1dDljc0JFNV9RZXhaM3BfTVBpRHpUaE1jZzFfaXdLRzl5ZzNYeC1kdDFpenM4MVFtREpoT1ZLQTdwTEpCd19QR09UMS1wVmh2MFJXU1dMbzlyUFFhWDBnU2tNQ3cyaFFBVzNzQThwLWhLUSZhd2JpZF9kPUFLQW1mLUFfcVZ1dC1YTXlka2N2LWFLMnU2enZHSF94Q1ZCSmlYam1WcGRybGwyWEJfQXJ5b1JtcUV0cVdBMUhkSzJYZlBOZ3NCbVN4VFU1OXF2ZlExWkNfMl9UejkzN1lmTXZSVVc3c2pPZWhlbFRpY283ZUV0azlpS0MwMFludlJhOXBFZmR0aWtndDdZaWFaa2NzVWJ2Mk5LbkdzbjRSR1NDeVo0ZHFkMnktdTlhU3dReGNlakI5RWo2SFlra3VkbmVIN3NJWWJ1S3FmSEpqSjVmX3l5TDJTNl9XNmNXdzB1U3VNNlF0ZjBRdUpUT2RQLTZocFpGbGUwOHE3SE1hWTVlRFhWTUs3dVpKQXpSTjh5WkNyWURZZVd0Z29MaHg3N1pxMVpVUkJCM055QkpKN1RnZ3JjTnhGa0xBcGdOdkNQaFRZLWhjQmZRNlhuZk1YWmRWWkZHT3RheDBPYlVMbWVXSGdlVzlYRFMxOEFZbHZXMDlRX1BIZjZPU1BTY295bmxWNnFZVUZMcnBscHh1QUVUR3NjWjJuLW1hOEE5ZGV2dmJDdXM0ZmZiUjI0V2kzRjBmY0xVWXhnWU9sTXlMTHNGeXJ1R3I4Nk5jMF90cHVTMDlZX0xRWnZvNWZqWlk2a0ZzSmJYLWVhb2NZN1pqNndzbUhnbzhsdnp0S09vUUgzMU4xR1NwZXNRSjgtRXM5RDZoRmdLREdBNldnNkd4bXhSUEIxUThYeVZ2bVAtb0NOcnJDazVnWndfZklUU2tkU0FnUVFFWUNuZUxBWFBJRGxxbV9Od191UERDS0Y1TXNUUU1lbkhSR1NXZFlfM1RsU2xtTFl2ejZuS3ZUWVJNVXJBWFl2Vy1jSlNlTTA2Q2JPdkVJWEx3SU5GX3hRXzhObkdjQnVRQ080UGZfNDdZakNydFVvJmNpZD1DQUFTQk9Sb2hiZyZhX2NpZD2AAwGIAwCQAwCYAxSgAwGqA-oBCr8BaHR0cHM6Ly9wYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbS9wYWdlYWQvZ2VuXzIwND9pZD1hd2JpZCZhd2JpZF9iPUFLQW1mLURCNnVtNmVSa1o1QmdYdURVSlNXR3NYLWFwZ0p5QS02OXQxOWJXOTV0Ui0wZ05iUlRzaF9CcEdvVkRQQTJUbE01SkZVRzlzMGtOZlI4M3NRMzZ5R1UyS1psaU5nJnByPTEwOiR7QVVDVElPTl9QUklDRX0aEzIxODcwNzQzODI1MzQxNDE0MjUiCDc4ODI3ODE1KgQzOTQxOgEwwAOsAsgDANgDAOADAOgDAPgDA4AEAJIECS9vcGVucnRiMpgEAKIEDjE4NS4yMzIuMjMuMTgwqASeAbIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANoEAggB4AQA8ASnossliAUBmAUAoAWVzaOL9sX4vDCqBSo0ODA1MjkwZi0yMjY5LTQ3MjAtYjMzMy04OWVjNzhiNmIxM2Z-ODgzfjHABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AWy1gH6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcMMTMyMzQ3MTk2ODQ5ugcPCAAQABgAIAAwADi_BkAAyAfq3gXSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwBwCKCAIQAA..&s=6dc008e505dadf01526375899aab1cd463386c06&pp=0.014678

Requested by

Host: blank
URL: about:blank

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.254.148.196 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

547.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

bfb28d10aca387e17862bad9d67e7fea3669798710dac1e747b2222f92db6e6e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:41:59 GMT
Content-Encoding: gzip
X-Creative-ID: 78827815
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.232.23.181; 185.232.23.181; 547.bm-nginx-loadbalancer.mgmt.lax1; adnxs-simple.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: f5491e0e-48aa-4dff-a964-87b190e87506
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/ 149 KB
53 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202112060101/reactive_library_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3fb03c5889929639808be7ec57fdcac0a13e2bc5de31ac48723aeca4c2ff246e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54385
x-xss-protection: 0
server: cafe
etag: 4993246191385855005
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Dec 2021 19:41:59 GMT

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ 43 B
339 B 100ms
99ms Image
image/gif 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?imp=8skon082b8r7fp&experiment=network_default&variant=fallthrough&service=dynamic&area=top&product=embed&forum=threatminer&zone=thread&version=9068118211410bc5f67f5bb8d6806cba&page_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7%23gsc.tab%3D0%26gsc.q%3Df326e2b2eb1f84179c8d81fb31d22ea7%26gsc.page%3D1&page_referrer=&object_type=advertisement&provider=taboola&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&object_id=%5B184193%5D&section=default&verb=load&advertisement_id=184193&forum_id=5993718

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:41:59 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H3 200 logo2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/ Frame 681B 1 KB
1 KB 7ms
7ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/logo2.png?1607436056177

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7412205e80b068ac2a5bea19ef9686ece2d7b2ac3a724bd80150268a187b4ebf

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 51926
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1450
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Wed, 15 Dec 2021 05:16:33 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 15 Dec 2022 05:16:33 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 530E
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

55ms
54ms

Document
text/html

2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 15 Dec 2021 19:41:59 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 15 Dec 2021 19:41:59 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 15 Dec 2021 19:41:59 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js Show response
pagead2.googlesyndication.com/bg/ Frame 6FDD 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 13:27:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 108887
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13577
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 14 Dec 2022 13:27:12 GMT

GET
H3 200 tableau1.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/ Frame 681B 6 KB
6 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/tableau1.jpg?1607436056177

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb409f2542af7f68d9484417a5abf64e76fa0f0ac6e09961f35bdfc528e19eb4

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 13688
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6343
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Wed, 15 Dec 2021 15:53:51 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 15 Dec 2022 15:53:51 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 17ms
16ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.threatminer.org

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 15 Dec 2021 19:41:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 17ms
17ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.threatminer.org

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 15 Dec 2021 19:41:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/ Frame 4D30 11 KB
5 KB 9ms
7ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 15 Dec 2021 19:07:16 GMT
expires: Wed, 29 Dec 2021 19:07:16 GMT
content-type: text/html; charset=UTF-8
etag: 17731914101004188133
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4884
x-xss-protection: 0
age: 2083
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/ Frame 5112 11 KB
5 KB 9ms
7ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 15 Dec 2021 19:07:16 GMT
expires: Wed, 29 Dec 2021 19:07:16 GMT
content-type: text/html; charset=UTF-8
etag: 17731914101004188133
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4884
x-xss-protection: 0
age: 2083
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cta-branding.js Show response
cdn.taboola.com/demand-formats/cta-branding/ Frame 0D52 19 KB
6 KB 17ms
16ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/demand-formats/cta-branding/cta-branding.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211215-1-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a351fd92e5702efce917edb3a5fa5e15b0c2c01b05c72004d183ea3cd0ac8cc4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: n7qu5_m2oY3yYk8zx0ISQgopnHkiUO7s
content-encoding: gzip
etag: "103abcd7af0ff73c2bca84d874ada0e2"
age: 16106
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 6020
x-amz-id-2: YDx8ixBSqxXS2HZpjfRchhEsQtEd5TruO6mhwuG1kzUTpEjmOdZREYpGNBC7CY7+e3MBxBkFJ7Q=
x-served-by: cache-cdg20753-CDG
last-modified: Tue, 30 Nov 2021 12:15:08 GMT
server: AmazonS3
x-timer: S1639597319.303482,VS0,VE0
date: Wed, 15 Dec 2021 19:41:59 GMT
vary: Accept-Encoding
x-amz-request-id: DM4HW9MVZE6JK647
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript
abp: 50
x-cache-hits: 176614

GET
H2 200 cta-branding.css
cdn.taboola.com/demand-formats/cta-branding/ Frame 0D52 2 KB
984 B 17ms
17ms Stylesheet
text/css 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/demand-formats/cta-branding/cta-branding.css
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211215-1-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8061c17ad6d7b8805745d8f136437acc8abe498fed1a01cec4d142b55def3c55

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: 8oi59FmV5lZnBSZug04yEHoBr2VIEPOj
content-encoding: gzip
etag: "44e0fb48ae5c8af459ee8102bcc39ee7"
age: 16105
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 702
x-amz-id-2: Hs6EZr/EArx6ocAQ5bjqQKjq52SnT6w/gdOoc/rFH+7hwG2YSgftgvlss6OmaZEiJ2/KIM5a3LU=
x-served-by: cache-cdg20753-CDG
last-modified: Tue, 30 Nov 2021 12:15:07 GMT
server: AmazonS3
x-timer: S1639597319.303720,VS0,VE0
date: Wed, 15 Dec 2021 19:41:59 GMT
vary: Accept-Encoding
x-amz-request-id: DM4NSDRWAZYDHD8M
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: text/css
abp: 50
x-cache-hits: 174369

GET
H2 200 tfa-eid.20211215-1-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ Frame 0D52 14 KB
5 KB 17ms
17ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/tfa-eid.20211215-1-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3d960434d20fce0cccb3e322162f4be302f45f67e3f7498a8792ba5a8b356ec3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: 8ZrJJ643qvhcp1tlvuMVvDKw2ZIP.HVa
content-encoding: gzip
etag: "fc9651aa9f7ccbd8fe7ecbd6db6a2576"
age: 4842
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 5061
x-amz-id-2: WXrbnhZapU7Fx0W2LdmV8czGzaX5WWIJMKdskdrUXmuT1auH3hYN9epsWdKU1EetWFYXyml3kVI=
x-served-by: cache-cdg20753-CDG
last-modified: Wed, 15 Dec 2021 10:13:12 GMT
server: AmazonS3
x-timer: S1639597319.304890,VS0,VE0
date: Wed, 15 Dec 2021 19:41:59 GMT
vary: Accept-Encoding
x-amz-request-id: 1W1KXMDMGRQVJ6AM
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 50
x-cache-hits: 43120

GET
H2 200 sha256.20211215-1-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ Frame 0D52 6 KB
3 KB 18ms
17ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/sha256.20211215-1-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6ee9558dd324e8fbd50417903c8cb1f5b37b6798310a8514c0c46de35f6b623d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: T5oeRdj5IIjw2xUwEY5d0rF54dwWiEv_
content-encoding: gzip
etag: "5074f4139cc735fff8aaacb66113eb3f"
age: 81
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 2590
x-amz-id-2: uq1u9T9AdF6eRI9Sr5x8hIDPSZKtIdEgf5GFu5TdnSZ4J8DtXAvxRfB6ICaJdxU/3uzOflp6BDg=
x-served-by: cache-cdg20753-CDG
last-modified: Wed, 15 Dec 2021 10:14:29 GMT
server: AmazonS3
x-timer: S1639597319.305192,VS0,VE0
date: Wed, 15 Dec 2021 19:41:59 GMT
vary: Accept-Encoding
x-amz-request-id: VHRM4DJ1XEX24HHF
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 50
x-cache-hits: 682

GET
H2 200 tb Show response
15.taboola.com/ Frame 0D52 4 KB
3 KB 32ms
31ms XHR
text/html 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://15.taboola.com/tb?oid=15&pubnm=disqus-widget-safetylevel20longtail09&unitType=226&tbloc=&pageType=text&pstn=%7B%22domain%22%3A%20%22https%3A%2F%2Fwww.threatminer.org%22%2C%20%22experiment%22%3A%20%22network_default%22%2C%20%22position%22%3A%20%22bottom%22%2C%20%22shortname%22%3A%20%22threatminer%22%2C%20%22variant%22%3A%20%22fallthrough%22%7D&uuip=&cisrf=https%3A%2F%2Fwww.threatminer.org%2F&cirf=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&encoded=1&uid=e9c935c0-cb37-453a-8af2-fa9f019e216c-tuct8b3ca86&variant=-100|478542&callback=TRC.videoTagCallbacks.videoCallback1&cb=1639597319304&tagid=&cntry=DE&platform=1&sesid=f42f5588778c7497cf585e0d08350352&itemid=/sample.php&viewid=1639597318272&geolat=&geoing=&deviceifa=&appid=&sd=v2_f42f5588778c7497cf585e0d08350352_e9c935c0-cb37-453a-8af2-fa9f019e216c-tuct8b3ca86_1639597318_1639597318_CIi3jgYQktQ_GIDB9vzbLyABKAEwODib4wlAhIoQSPCs2QNQo-wQWABgAGiApKeijMutlDNwAA&ri=e35cfd8ae67256eb9a1c2471f092ff02&appname=&cdb=&gdprApplies=true&rid=&sii=2055554289249226850&oee=true&tpubid=1042962&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=&region=HE&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1003147&prcnt=&layer=
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211215-1-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 28a8376313a88fc6972a455f1e81a766f8ecd6d7ed41108f9c4a0d851486addc

Request headers

Referer: https://www.threatminer.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
content-encoding: gzip
access-control-allow-origin: https://www.threatminer.org
machineid: 1450
x-cache: MISS
xvid-debug: mrmr - :
x-served-by: cache-cdg20753-CDG
pragma: no-cache
server: nginx
x-timer: S1639597319.313790,VS0,VE14
vary: Accept-Encoding
content-type: text/html;charset=ISO-8859-1
via: 1.1 varnish
expires: Sat, 26 Jul 1997 05:00:00 GMT
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
link: <https://am-wf.taboola.com>; rel=preconnect
x-cache-hits: 0

GET
H2 200 userx.20211215-1-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ Frame 0D52 17 KB
5 KB 18ms
17ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20211215-1-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/disqus-widget-safetylevel20longtail09/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8d972e761cb8263d1fb42c33e710975c1679ee2eba516e8ca6f2302b10cbc0cb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: GERRszwnSBiv4HnOP9dBLehraHOaaSmV
content-encoding: gzip
etag: "7201cd37ff9241e1f5b98d6825eac73d"
age: 42
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 5339
x-amz-id-2: PXDI2PXODDe5Xs57zkX8Ri+heZTzY2GlJGTxYsuv+UdB2vWaaBTjVa/CTd6nXhkJoPMayji0rKk=
x-served-by: cache-cdg20753-CDG
last-modified: Wed, 15 Dec 2021 10:12:54 GMT
server: AmazonS3
x-timer: S1639597319.313909,VS0,VE0
date: Wed, 15 Dec 2021 19:41:59 GMT
vary: Accept-Encoding
x-amz-request-id: R32034MRNYVQ6SKA
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 50
x-cache-hits: 71

GET
H2 204 fix-user-id
trc.taboola.com/disqus-widget-safetylevel20longtail09/log/3/ Frame 0D52 0
255 B 31ms
30ms Image
image/gif 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/disqus-widget-safetylevel20longtail09/log/3/fix-user-id?lti=deflated&ri=e35cfd8ae67256eb9a1c2471f092ff02&sd=v2_f42f5588778c7497cf585e0d08350352_e9c935c0-cb37-453a-8af2-fa9f019e216c-tuct8b3ca86_1639597318_1639597318_CIi3jgYQktQ_GIDB9vzbLyABKAEwODib4wlAhIoQSPCs2QNQo-wQWABgAGiApKeijMutlDNwAA&ui=e9c935c0-cb37-453a-8af2-fa9f019e216c-tuct8b3ca86&pi=/sample.php&wi=2055554289249226850&pt=text&vi=1639597318272&time=1639597319296&fromUser=5b0d2eac-f762-40d4-b014-92a8157343f8-tuct8b3ca86&toUser=e9c935c0-cb37-453a-8af2-fa9f019e216c-tuct8b3ca86&fromSD=v2_7380e0b1a61bdd35b741a52660598bc5_5b0d2eac-f762-40d4-b014-92a8157343f8-tuct8b3ca86_1639597318_1639597318_CIi3jgYQktQ_GIDB9vzbLyABKAEwODib4wlAhIoQSPCs2QNQo-wQWABgAGiApKeijMutlDNwAA&toSD=v2_f42f5588778c7497cf585e0d08350352_e9c935c0-cb37-453a-8af2-fa9f019e216c-tuct8b3ca86_1639597318_1639597318_CIi3jgYQktQ_GIDB9vzbLyABKAEwODib4wlAhIoQSPCs2QNQo-wQWABgAGiApKeijMutlDNwAA&tim=19%3A41%3A59.296&id=4345&llvl=2&cv=20211215-1-RELEASE&
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 13
pragma: no-cache
date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 varnish
server: nginx
x-timer: S1639597319.314170,VS0,VE13
x-served-by: cache-cdg20753-CDG
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H3 200 tableau10.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/ Frame 681B 40 KB
40 KB 9ms
9ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/tableau10.jpg?1607436056177

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c622600140a1df451547bbbfb31b4703c0ef3a27562a31e339f0150ffe606aa

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 72253
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41258
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Tue, 14 Dec 2021 23:37:46 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 14 Dec 2022 23:37:46 GMT

GET
H2 200 76ebb25b3cdfd5ee66cedaad78032b88.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 0D52 6 KB
7 KB 21ms
18ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/76ebb25b3cdfd5ee66cedaad78032b88.jpg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 3ac3e497642683f86a118c44f37e493e20e8e40c7577d0c244a71700cf45cc21

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 1629024
edge-cache-tag: 491639237218346085396558494362773291447,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 133
expiration: expiry-date="Fri, 26 Nov 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/76ebb25b3cdfd5ee66cedaad78032b88.jpg
content-length: 6186
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
last-modified: Tue, 26 Oct 2021 08:50:46 GMT
server: nginx
x-timer: S1639597319.326449,VS0,VE1
etag: "a7db406a55a035369140f96012faa93a"
x-served-by: cache-wdc5541-WDC, cache-dca17732-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1

GET
H2 200 97b2c47246ac240b4c707a5eb02e51d6.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 0D52 9 KB
10 KB 19ms
17ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/97b2c47246ac240b4c707a5eb02e51d6.jpg
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211215-1-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: a804d039c3e5a8ce2adf20de56ee26ecf54f07c0a6a1c2c677b9d971580745f5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 148367
edge-cache-tag: 371231349368601501045916157343057483449,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag: 371231349368601501045916157343057483449,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 99
x-envoy-upstream-service-time: 162
expiration: expiry-date="Sat, 25 Dec 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/97b2c47246ac240b4c707a5eb02e51d6.jpg
content-length: 9198
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
last-modified: Wed, 24 Nov 2021 07:21:35 GMT
server: nginx
x-timer: S1639597319.326513,VS0,VE0
etag: "e6e226760dd83f230f0c6f5f1ad238c6"
x-served-by: cache-bwi5069-BWI, cache-dca17741-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 3

GET
H2 200 670f74e7f0dbcfacfed2ed500da463f5.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 0D52 6 KB
7 KB 20ms
17ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/670f74e7f0dbcfacfed2ed500da463f5.png
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211215-1-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 14053ecb671ff488b7b8228571991f0bce2b091cdb3209415575029d76bd56c4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 1806491
edge-cache-tag: 490768624821855931895175027602589218109,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 35
expiration: expiry-date="Sat, 25 Dec 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/670f74e7f0dbcfacfed2ed500da463f5.png
content-length: 6104
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Wed, 24 Nov 2021 19:21:06 GMT
server: nginx
x-timer: S1639597319.326609,VS0,VE0
etag: "3c16ceb3633fb045b3ba7449aaae50f5"
x-served-by: cache-wdc5530-WDC, cache-dca17755-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 3

GET
H2 200 4177abd6a9c2c6b3ff94c413d0719fe9.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 0D52 10 KB
10 KB 21ms
19ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4177abd6a9c2c6b3ff94c413d0719fe9.jpg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 1bce557c722eab56c14620a4f07505a476194a829bfb6887fbad11e670bf6c78

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 912526
edge-cache-tag: 566327598996511499002244067176466409323,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 177
expiration: expiry-date="Wed, 15 Dec 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4177abd6a9c2c6b3ff94c413d0719fe9.jpg
content-length: 9840
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
last-modified: Sun, 14 Nov 2021 16:44:20 GMT
server: nginx
x-timer: S1639597319.326664,VS0,VE1
etag: "1efbbc149b1fca682c2b6305a2411224"
x-served-by: cache-wdc5576-WDC, cache-dca12923-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1

GET
H2 200 4640ae29e00a56ce55fe227a1a24dd4e.jpg
images.taboola.com/taboola/image/fetch/h_234,w_280,c_fill,g_xy_center,x_561,y_218/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 0D52 11 KB
12 KB 23ms
20ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/h_234,w_280,c_fill,g_xy_center,x_561,y_218/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4640ae29e00a56ce55fe227a1a24dd4e.jpg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e40d20754bf0c4ea2d81a21605badadf82924a18950347ae1c0acdc157319ff5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 512218
edge-cache-tag: 601022491358746621236925246867473976732,434702953277827878566502344381336513921,29ecf9b93bbf306179626feeda1fab70
cache-tag: 601022491358746621236925246867473976732,434702953277827878566502344381336513921,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 158
expiration: expiry-date="Sun, 19 Dec 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/h_234,w_280,c_fill,g_xy_center,x_561,y_218/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4640ae29e00a56ce55fe227a1a24dd4e.jpg
content-length: 11580
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
last-modified: Thu, 18 Nov 2021 22:11:22 GMT
server: nginx
x-timer: S1639597319.326753,VS0,VE1
etag: "60b492c7087237e3b1b388ec15dea5cc"
x-served-by: cache-wdc5526-WDC, cache-dca12921-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1

GET
H2 200 e19a43d6eaa6dc1f825be7b2908b92ff.jpg
images.taboola.com/taboola/image/fetch/h_234,w_280,c_fill,g_xy_center,x_743,y_426/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 0D52 11 KB
11 KB 21ms
19ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/h_234,w_280,c_fill,g_xy_center,x_743,y_426/http%3A//cdn.taboola.com/libtrc/static/thumbnails/e19a43d6eaa6dc1f825be7b2908b92ff.jpg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 8123acba7d6b7e97526e8e5f2efe210c231de8501e443ac3251e2f1c541f09d4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 2543640
edge-cache-tag: 515830319414999011275637841440825060704,440521896644080173044566607408668867372,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 67
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/h_234,w_280,c_fill,g_xy_center,x_743,y_426/http%3A//cdn.taboola.com/libtrc/static/thumbnails/e19a43d6eaa6dc1f825be7b2908b92ff.jpg
content-length: 11052
x-request-id: 4fa5c8907a888b549f7a7452a120da46
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Mon, 15 Nov 2021 13:42:20 GMT
server: nginx
x-timer: S1639597319.326826,VS0,VE1
etag: "8ea14d6ddf3cee52f018b0a7d8b42565"
x-served-by: cache-bwi5060-BWI, cache-dca17760-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H3 200 tableau2.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/ Frame 681B 12 KB
12 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/tableau2.jpg?1607436056177

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

42894f3ad5731f9b4a4a3351452f09189a1e691009ceab6a19275de45e9304cc

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 83704
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11872
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Tue, 14 Dec 2021 20:26:55 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 14 Dec 2022 20:26:55 GMT

GET
H3 200 tableau3.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/ Frame 681B 4 KB
4 KB 10ms
10ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/tableau3.jpg?1607436056177

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2be708683c7b866e3afe46e6f96c57144b94f060c434cb5f5313a905503931d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 73499
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3877
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Tue, 14 Dec 2021 23:17:00 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 14 Dec 2022 23:17:00 GMT

GET
H3 200 tableau4.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/ Frame 681B 4 KB
4 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/tableau4.jpg?1607436056177

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1bea73194f11df459501fbb414a944fc876c62dc2a7b22ebd481d457e07f5cee

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 49354
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4382
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Wed, 15 Dec 2021 05:59:25 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 15 Dec 2022 05:59:25 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/76ebb25b3cdfd5ee66cedaad78032b88.jpg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 3ac3e497642683f86a118c44f37e493e20e8e40c7577d0c244a71700cf45cc21

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 1629024
edge-cache-tag: 491639237218346085396558494362773291447,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 133
expiration: expiry-date="Fri, 26 Nov 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/76ebb25b3cdfd5ee66cedaad78032b88.jpg
content-length: 6186
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
last-modified: Tue, 26 Oct 2021 08:50:46 GMT
server: nginx
x-timer: S1639597319.384344,VS0,VE0
etag: "a7db406a55a035369140f96012faa93a"
x-served-by: cache-wdc5541-WDC, cache-dca17732-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 2

GET
H2 200 97b2c47246ac240b4c707a5eb02e51d6.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 0D52 9 KB
10 KB 17ms
17ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/97b2c47246ac240b4c707a5eb02e51d6.jpg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: a804d039c3e5a8ce2adf20de56ee26ecf54f07c0a6a1c2c677b9d971580745f5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 148367
edge-cache-tag: 371231349368601501045916157343057483449,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
cache-tag: 371231349368601501045916157343057483449,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 99
x-envoy-upstream-service-time: 162
expiration: expiry-date="Sat, 25 Dec 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/97b2c47246ac240b4c707a5eb02e51d6.jpg
content-length: 9198
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
last-modified: Wed, 24 Nov 2021 07:21:35 GMT
server: nginx
x-timer: S1639597319.384751,VS0,VE0
etag: "e6e226760dd83f230f0c6f5f1ad238c6"
x-served-by: cache-bwi5069-BWI, cache-dca17741-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 4

GET
H2 200 670f74e7f0dbcfacfed2ed500da463f5.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ Frame 0D52 6 KB
7 KB 17ms
16ms Image
image/webp 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/670f74e7f0dbcfacfed2ed500da463f5.png
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 14053ecb671ff488b7b8228571991f0bce2b091cdb3209415575029d76bd56c4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 1806491
edge-cache-tag: 490768624821855931895175027602589218109,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 35
expiration: expiry-date="Sat, 25 Dec 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/670f74e7f0dbcfacfed2ed500da463f5.png
content-length: 6104
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Wed, 24 Nov 2021 19:21:06 GMT
server: nginx
x-timer: S1639597319.384732,VS0,VE0
etag: "3c16ceb3633fb045b3ba7449aaae50f5"
x-served-by: cache-wdc5530-WDC, cache-dca17755-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4177abd6a9c2c6b3ff94c413d0719fe9.jpg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 1bce557c722eab56c14620a4f07505a476194a829bfb6887fbad11e670bf6c78

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 912526
edge-cache-tag: 566327598996511499002244067176466409323,459052303457394366171479749282851127576,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 177
expiration: expiry-date="Wed, 15 Dec 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_234%2Cw_280%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4177abd6a9c2c6b3ff94c413d0719fe9.jpg
content-length: 9840
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
last-modified: Sun, 14 Nov 2021 16:44:20 GMT
server: nginx
x-timer: S1639597319.384906,VS0,VE0
etag: "1efbbc149b1fca682c2b6305a2411224"
x-served-by: cache-wdc5576-WDC, cache-dca12923-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/h_234,w_280,c_fill,g_xy_center,x_561,y_218/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4640ae29e00a56ce55fe227a1a24dd4e.jpg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e40d20754bf0c4ea2d81a21605badadf82924a18950347ae1c0acdc157319ff5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 512218
edge-cache-tag: 601022491358746621236925246867473976732,434702953277827878566502344381336513921,29ecf9b93bbf306179626feeda1fab70
cache-tag: 601022491358746621236925246867473976732,434702953277827878566502344381336513921,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 158
expiration: expiry-date="Sun, 19 Dec 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/h_234,w_280,c_fill,g_xy_center,x_561,y_218/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4640ae29e00a56ce55fe227a1a24dd4e.jpg
content-length: 11580
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
last-modified: Thu, 18 Nov 2021 22:11:22 GMT
server: nginx
x-timer: S1639597319.384984,VS0,VE0
etag: "60b492c7087237e3b1b388ec15dea5cc"
x-served-by: cache-wdc5526-WDC, cache-dca12921-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/h_234,w_280,c_fill,g_xy_center,x_743,y_426/http%3A//cdn.taboola.com/libtrc/static/thumbnails/e19a43d6eaa6dc1f825be7b2908b92ff.jpg
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 8123acba7d6b7e97526e8e5f2efe210c231de8501e443ac3251e2f1c541f09d4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 2543640
edge-cache-tag: 515830319414999011275637841440825060704,440521896644080173044566607408668867372,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 67
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/h_234,w_280,c_fill,g_xy_center,x_743,y_426/http%3A//cdn.taboola.com/libtrc/static/thumbnails/e19a43d6eaa6dc1f825be7b2908b92ff.jpg
content-length: 11052
x-request-id: 4fa5c8907a888b549f7a7452a120da46
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Mon, 15 Nov 2021 13:42:20 GMT
server: nginx
x-timer: S1639597319.385040,VS0,VE0
etag: "8ea14d6ddf3cee52f018b0a7d8b42565"
x-served-by: cache-bwi5060-BWI, cache-dca17760-DCA, cache-cdg20753-CDG
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 2

GET
H3 200 4766563120472053331
tpc.googlesyndication.com/daca_images/simgad/ Frame 2FE9 74 KB
74 KB 9ms
8ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/4766563120472053331

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1639597317&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317600&bpp=1&bdt=239&idt=302&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=8719168437898&frm=20&pv=1&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=PjDwG60QCM&p=https%3A//www.threatminer.org&dtd=306

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd985f03c9f87649112b373b06ac45d718c00afe0d4e40c3c6fded0c077190bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 00:10:14 GMT
x-content-type-options: nosniff
age: 70305
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 75706
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 15:12:20 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 15 Dec 2022 00:10:14 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 2FE9 19 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:40:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:40:30 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 2FE9 2 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:31:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 627
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:31:32 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2FE9 119 KB
36 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 15 Dec 2021 19:41:59 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 2FE9 15 KB
6 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:39:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 135
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:39:44 GMT

GET
H3 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 2FE9 27 KB
11 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2cc36b7e19b912c6d09739d2c3edbbb05a272be96736ae9fb0b0a70c2a331d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 15:46:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14101
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11415
x-xss-protection: 0
server: cafe
etag: 3382072337847676073
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 15:46:58 GMT

GET
H2 200 UnitWidgetItemDesktop.min.js Show response
vidstat.taboola.com/lite-unit/1.4.0/ Frame 0D52 79 KB
24 KB 18ms
16ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/lite-unit/1.4.0/UnitWidgetItemDesktop.min.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211215-1-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e92552bc193c8bae835c7b6db6eea8a39593fa14fb75a227f738c415330cc84e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 2ba5677785db2f66bc73820b2a261477.cloudfront.net (CloudFront), 1.1 varnish
age: 2401820
x-cache: Miss from cloudfront, HIT
content-encoding: gzip
content-length: 23743
x-served-by: cache-cdg20753-CDG
last-modified: Tue, 31 Mar 2020 13:14:35 GMT
server: AmazonS3
x-timer: S1639597319.391690,VS0,VE0
etag: "b683c290896a82c974838a04b4ea4aff"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: CDG50-P2
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: 3T8Zs_rJdhtrCy8BaVvHNzQpNR_P2g1lGfBOV7Gay0se3VtljH82pA==
x-cache-hits: 33124

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 2FE9 0
0 50ms
49ms Fetch
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CPlprBkW6YY_KA72Ks8IPkPy0qA-7ufX3Zrfjy-6DD9rZHhABINWzrm1gleKQgqAHoAGcr_uoAsgBAqgDAcgDyQSqBOEBT9CQK9z6e3EIUfdXdSRmwrIPVhRvJ_i58lmPiMWTKbthG_QmpXM6yGqj4z9krhYQUOvtzsOGL5xX4MW_1kYtUTF59HB8nSCPhPRnWt1_oMJbjXaZIcs-3U06U9bXorXhdFgdUlUs0zkXS9MuTPf06earwWOsTF086r7H8dWt_hwwlL43u7ikCIKfhfvGdQwzDMwKPo8h-87NanZsWHvAiFB0fLhXBYQ4WV6851nH_nk9nAdxTua9XpoYDRWSUTP-3xwvR3NIfdtqbczS4KVcSRq5xebunAWqvaXo3nVEUynqwATG49_E4QOSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGAoAHzNCE1wGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBCXuwrSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItNTcyMDc2MzI3MTUzMjM3NxgA&sigh=MOLdFiD2Ss8&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1639597317&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317600&bpp=1&bdt=239&idt=302&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=8719168437898&frm=20&pv=1&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=PjDwG60QCM&p=https%3A//www.threatminer.org&dtd=306
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 15 Dec 2021 19:41:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame 4D30 4 KB
634 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 15 Dec 2021 18:20:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 15 Dec 2021 19:41:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 15 Dec 2021 19:41:59 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4D30 205 B
229 B 7ms
6ms Image
image/png 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 15:27:48 GMT
x-content-type-options: nosniff
age: 101651
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 14 Dec 2022 15:27:48 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4D30 604 B
628 B 8ms
7ms Image
image/png 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 16:49:32 GMT
x-content-type-options: nosniff
age: 10347
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 15 Dec 2022 16:49:32 GMT

GET
H3 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame 4D30 19 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc7731959f24eb86dc0127adfa88c91e71d68b5a0c958dae09aab1b34438256c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 18:45:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3413
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8346
x-xss-protection: 0
server: cafe
etag: 3177319193432224586
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 18:45:06 GMT

GET
H3 200 728x90.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10609010985198416840/ Frame 213A 88 KB
44 KB 9ms
9ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10609010985198416840/728x90.html

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7380e2fca7db8798958b96800dc6a99406e47da91552e89f46cc3bed51383b90

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
date: Wed, 15 Dec 2021 16:23:20 GMT
expires: Thu, 15 Dec 2022 16:23:20 GMT
last-modified: Tue, 19 Oct 2021 08:15:12 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 45411
age: 11919
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 5112 19 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:40:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:40:30 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 5112 2 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:31:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 627
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:31:32 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 5112 15 KB
6 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:39:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 135
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:39:44 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5112 119 KB
36 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 15 Dec 2021 19:41:59 GMT

GET
H3 200 tableau5.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/ Frame 681B 4 KB
4 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/tableau5.jpg?1607436056177

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

987f51b2adf58821c632ff5c96ffaf4c66568002dd5281bebbca05b57cba87ca

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 479568
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4165
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Fri, 10 Dec 2021 06:29:11 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 10 Dec 2022 06:29:11 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2C81 143 B
163 B 7ms
6ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5720763271532377&output=html&h=600&slotname=6407101181&adk=2989800909&adf=2245449527&pi=t.ma~as.6407101181&w=299&fwrn=4&fwrnh=100&lmt=1639597317&rafmt=1&psa=0&format=299x600&url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1639597317600&bpp=1&bdt=239&idt=302&shv=r20211207&mjsv=m202112060101&ptt=9&saldr=aa&abxe=1&prev_fmts=299x250&correlator=8719168437898&frm=20&pv=1&ga_vid=312059641.1639597318&ga_sid=1639597318&ga_hid=1410843209&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=507&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062930&oid=2&pvsid=464529641161210&pem=28&tmod=284&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=PjDwG60QCM&p=https%3A//www.threatminer.org&dtd=306

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 15 Dec 2021 19:02:20 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2379
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 2FE9 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 236925aee8cac5f8331d085a0dee2ff840ff052aa946cd84fd3f02d83349f22c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 200
OK ping Show response
links.services.disqus.com/api/ 317 B
754 B 88ms
44ms XHR
text/javascript 199.232.192.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/ping
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.192.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 3b3a78ab0004b3c7d8e3b60846867da3f466a3dec5e9e9f2d7e5c781b782d5e1

Request headers

Referer: https://www.threatminer.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 15 Dec 2021 19:41:59 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://www.threatminer.org
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 317
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 tableau6.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/ Frame 681B 13 KB
13 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/tableau6.jpg?1607436056177

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cec328dda453d77d1824c45585eaae7347667268a866026acee8d13400958706

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 85283
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13466
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Tue, 14 Dec 2021 20:00:36 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 14 Dec 2022 20:00:36 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 213A 9 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10609010985198416840/728x90.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 16:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12805
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 16 Dec 2021 16:08:34 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 213A 26 KB
10 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10609010985198416840/728x90.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 16:13:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12500
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 16 Dec 2021 16:13:39 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame DA68 3 KB
579 B 37ms
37ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 15 Dec 2021 18:25:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 15 Dec 2021 19:41:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 15 Dec 2021 19:41:59 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame DA68 1 KB
894 B 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:40:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:40:56 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame DA68 19 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:40:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:40:30 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame DA68 2 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:31:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 627
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:31:32 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame DA68 15 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:39:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 135
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:39:44 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame DA68 0
0 16ms
16ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTIJJT7jl8J64oqJOCilbP_jcSyh8F8PLm1Flkhr_N3qvfnKBTaWSpUe4aSC2Dfbd0YPMFB_9Dk0vNmkqTXccTHEnJzNg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DA68 119 KB
36 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 15 Dec 2021 19:41:59 GMT

GET
H3 200 6d065ef8aad4e53a06604e1059b7b7b3.js Show response
www.gstatic.com/mysidia/ Frame DA68 27 KB
11 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6d065ef8aad4e53a06604e1059b7b7b3.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 19:06:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88518
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11408
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 07:52:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 19:06:41 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7798 143 B
163 B 8ms
7ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 15 Dec 2021 19:02:20 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2379
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 tableau7.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/ Frame 681B 4 KB
4 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/tableau7.jpg?1607436056177

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c54340af80e1caef7e5fa1f8b7a31d771262abc6dfa67ae79e9ebe0985c6f09b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 72253
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3849
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Tue, 14 Dec 2021 23:37:46 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 14 Dec 2022 23:37:46 GMT

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ 43 B
339 B 102ms
102ms Image
image/gif 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?imp=8skon082b8r7fp&experiment=network_default&variant=fallthrough&service=dynamic&area=bottom&product=embed&forum=threatminer&zone=thread&version=9068118211410bc5f67f5bb8d6806cba&page_url=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7%23gsc.tab%3D0%26gsc.q%3Df326e2b2eb1f84179c8d81fb31d22ea7%26gsc.page%3D1&page_referrer=&object_type=advertisement&provider=taboola&event=activity&ad_product_name=iab_display&ad_product_layout=iab_display&bin=embed%3Apromoted_discovery%3Adynamic%3Anetwork_default%3Afallthrough&object_id=%5B184193%5D&section=default&verb=load&advertisement_id=184193&forum_id=5993718

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:41:59 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D197 143 B
163 B 7ms
7ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 15 Dec 2021 19:02:20 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2379
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 213A 19 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0ec954ff48bfab4e4f6853c18863074629e1b242a2a6e62691dfbb778073beb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ Frame 213A 18 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5deb2f01b607d9f2177125509564fab61d597545d601b46607c0974d0ac89260

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H3 200 tableau8.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/ Frame 681B 7 KB
7 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/tableau8.jpg?1607436056177

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6af63c5cdfecc2a05ec551afa4c95627062cc404712e91ac85c28c2aeaff2fc2

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 78595
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7156
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Tue, 14 Dec 2021 21:52:04 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 14 Dec 2022 21:52:04 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2C81
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

77ms
77ms

Document
text/html

2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 15 Dec 2021 19:41:59 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 15 Dec 2021 19:41:59 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 15 Dec 2021 19:41:59 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK sync.gif
links.services.disqus.com/api/ 43 B
375 B 45ms
45ms Image
image/gif 199.232.192.64
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://links.services.disqus.com/api/sync.gif?key=cfdfcf52dffd0a702a61bad27507376d
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.192.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Dec 2021 19:41:59 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Type: image/gif;charset=UTF-8
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js Show response
pagead2.googlesyndication.com/bg/ Frame 5C28 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 13:27:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 108887
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13577
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 14 Dec 2022 13:27:12 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3DB5 42 B
64 B 60ms
45ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss04CM7V3T0qw3Ue_S0_EMi4vYsaMM1MM5jCDG-NtEL53Y8_h8wmxv6ipyANIO74oV_Ek8fs61Ng9UKSLud0qbl6iDQfCJrDE83AZoSkS_fJqLHe3NN2g&sai=AMfl-YSQsAviM7g7EVyCY13mVY1D458akWObGo72BSe3AXehVDpkhxVRHAdqtZcY9gDiH_sRZOH9hpdrd2Qw&sig=Cg0ArKJSzKWDM0FDH_iiEAE&id=lidar2&mcvt=1031&p=0,1,249.1875,300&mtos=1031,1031,1031,1031,1031&tos=1031,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=1382012186&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639597317888&rpt=723&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK domains Show response
links.services.disqus.com/api/ 61 B
497 B 63ms
46ms XHR
text/javascript 199.232.192.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/domains
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.192.64 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: afdc1b67c3c000a42c7d4ecbd98f95ac6e712e1b5039b0e8d89844b97a028685

Request headers

Referer: https://www.threatminer.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 15 Dec 2021 19:41:59 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://www.threatminer.org
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 61
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 tableau9.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/ Frame 681B 5 KB
5 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/tableau9.jpg?1607436056177

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a54149354f8872db43e65d8bc5c53087da5717af16e2f217e4fdff30d2f396d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 117698
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4871
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Tue, 14 Dec 2021 11:00:21 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 14 Dec 2022 11:00:21 GMT

GET
H/1.1 200
OK script.js Show response
acdn.adnxs-simple.com/strikeforce/ Frame 17A4 117 KB
39 KB 86ms
23ms Script
application/javascript 2.18.232.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs-simple.com/strikeforce/script.js
Requested by: Host: lax1-ib.adnxs-simple.com
URL: https://lax1-ib.adnxs-simple.com/ab?an_audit=0&referrer=www.threatminer.org&e=wqT_3QK4KWy4FAAAAwDWAAUBCIaK6Y0GEPHLt6KDkoOtHhj_EQF4ASo2CW6-Ed2zrpE_EVVd0fdkD44_GQAAAOCjcBlAIRESACkRJNAxAAAAgD0Ktz8wspn5CDizGUDlHkhlUKeiyyVYnMuFAWAAaJ3JnAF46t4FgAEBigEDVVNEkgUG9F4BmAHYBaABWqgBAbABALgBAsABBcgBAtABANgBAOABAPABALICATDYAqRD4ALq-SXqAhN3d3cudGhyZWF0bWluZXIub3Jn8gIMCgZIRUlHSFQSAjkw8gIMCgVXSURUSBIDNzI48gIhCgZMT0FERVISF3JlbmRlcl9wb3N0X2Fkc192MS5odG1s8gIYCgpJRlJBTUVfS0VZEgoxMjk4NDQ2ODE58gKiDwoLUFJFX1NDUklQVFMSkg88c2NyaXB0PihmdW5jdGlvbigpey8qCgogQ29weXJpZ2h0IFRoZSBDbG9zdXJlIExpYnJhcnkgQXV0aG9ycy4KIFNQRFgtTGljZW5zZS1JZGVudGlmaWVyOiBBcGFjaGUtMi4wCiovCnZhciBoPXRoaXN8fHNlbGY7LyoKCiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMAoqLwpmdW5jAZxgIGsoYil7a1siICJdKGIpO3JldHVybiBifQkTED1mdW5jASjwUigpe307dmFyIG09UmVnRXhwKCJeaHR0cHM_Oi8vKFxcd3wtKStcXC5jZG5cXC5hbXBwcm9qZWN0XFwuKG5ldHxvcmcpKFxcP3wvfCQpIik7CmZ1CVkAIAFbAVkIYj1oBWEMYz1bXQUJIGU9bnVsbDtkbwUfGGE9Yjt0cnkFDCxkO2lmKGQ9ISFhJiYBJBwhPWEubG9jYQGpIC5ocmVmKWI6ewEtkGsoYS5mb28pO2Q9ITA7YnJlYWsgYn1jYXRjaChsKXt9ZD0hMX0BfQhnPWQZFwBnARYQaWYoZykFbgBmPl4AODtlPWEuZG9jdW1lbnQmJhkMKC5yZWZlcnJlcnx8AZckfWVsc2UgZj1lLA3LTGMucHVzaChuZXcgcChmfHwiIikpBdUkYj1hLnBhcmVudBmGAGIF__BAfX13aGlsZShiJiZhIT1iKTthPTA7Zm9yKGI9Yy5sZW5ndGgtMTthPD1iOysrYSljW2FdLmRlcHRoPWItYTthPWghKzkeAa41KjhhbmNlc3Rvck9yaWdpbnNuHAANawA9HXUAKQmGDDE7YjwRikw7KytiKWY9Y1tiXSxmLnVybHx8KAUILkIBOnYAFFtiLQoxXSEMGCxmLmg9ITAB4ykiAGgZqyHVFCwhMSk7ZiUWJQIEZT0yBAEgMDw9ZTstLWUpIbpEPWNbZV0sIWYmJm0udGVzdChnAY8gKSYmKGY9ZyksBQ4oJiYhZy5oKXthPWdJGwB9DV0AZRXmBCYmAcwBOwQ7MEFlAGQhWggmJmUFSAEbCCk7YwWtEHEoYSxmdT4UYy5nP2MuBWUMOmMuaQFAAH1xSTQgcShiLGMpe3RoaXMuaUHVAQkIZz1jGSIAcB0iCHVybBEkFGg9ISFjOwUvBYglCgR9OxVZBHIoSbCIYj1uKCksYz1iLmluZGV4T2YoIj8iKTtzZXRUaW1lb3V0KGZ51UH9RGU9dm9pZCAwPT09ZT8uMDE6ZUE1RCEoTWF0aC5yYW5kb20oKT5lKQlfBGE9UfsMLmN1ckG0KFNjcmlwdDthPShhGUoEYT9hA6A6YSkmJiI3NyI9PT1hLmdldEF0dHJpYnV0ZSgiZGF0YS1qYyIpP2E6ZG1OQC5xdWVyeVNlbGVjdG9yKCdbDSUAPQFEGF0nKTtlPSKFd1g6Ly9wYWdlYWQyLmdvb2dsZXN5bmRpY4kDCGNvbQ0ekC9nZW5fMjA0P2lkPWpjYSZqYz03NyZ2ZXJzaW9uPSIrKGEmJmFWmAAALQ0mkCIpfHwidW5rbm93biIpKyImc2FtcGxlPSIrZTthPXdpbmRvdzshR42WMGEubmF2aWdhdG9yKWQuDgBQLnVzZXJBZ2VudCxkPS9DaHJvbWUvSZ4gZCkmJiEvRWRnGREcPyEwOiExO2RhlhVRMC5zZW5kQmVhY29uPwodaR0YFChlKTooYS0VQF9pbWFnZV9yZXF1ZXN0c3x8XhoAED1bXSksAa4x3AQsZDnLBGQ_ERY8OmQsZD1kLmNyZWF0ZUVsZaEBPCgiaW1nIiksZC5zcmM9ZSxafACJ-xhkKSl9fSwwdSpcMDw9Yz9iLnN1YnN0cmluZygwLGMpOmJ9KVcMLnJmbC6CBs2dgGVuY29kZVVSSUNvbXBvbmVudChyKCkpfTt9KS5jYWxsKGEkECk7Cjwv7Ypo8gLJAgoKRVhUUkFfVEFHUxK6AjxkaXYgc3R5IckMcG9zacE7ZDogYWJzb2x1dGU7IGxlZnQ6IDBweDsgdG9wDQpkdmlzaWJpbGl0eTogaGlkZGVuOyI-PGltZyAB--KZAhRhd2JpZCYFBvCGX2I9QUtBbWYtRE5Ia2ltTXpBQVFubVl3S0ZVMWsydm5mWEhsTUFoYkJQNjZZbmVSbU54M0ZDTGFkVXlmaGMyc19VOTc2WkdYQ20xN0xCcUJvd1RWSDViVHJ0S2ZmRTluYmNjNXciIGJvcmRlcj0wIHdpZHRoPTEgaGVpZ2h0PTEgYWx0PSIiMRqoZGlzcGxheTpub25lIj48L2Rpdj7yApoBCgxQT1NUX1NDUklQVFMSiQE8c4UENggBaZlQYWRzLmcuZG91YmxlY2xpY2submV0cZ88eGJmZV9iYWNrZmlsbC5qcwFlLbUNUy5HCSgge3IzcHgoJzEyORqACRwnKTt9KSgpOz3rEJwPChBIAZ40UE9SVF9QQVJBTVMShw-RNoqVAPB9YWRmZXRjaD9hZGs9NDE1MjA0ODAyMSZhZHNhZmU9bWVkaXVtJmNsaWVudD1jYS1wdWItMzA3Njg5MDAxMjc0MTQ2NyZmb3JtYXQ9NzI4eDkwX2FzJmlwPTE4NS4yMzIuMjMuMCZvdXRwdXQ9aHRtbCZ1bnZpZXdlZF9wb3NpQYogX3N0YXJ0PTEmof8Ad0bUChAmc3ViXw2CAGJBifB9ci00OTgyNDIyJmhsPWRlJmFjZWlkPU1ERFU1Z0Q1VlRRQmttQTBBUzlqTkFHU2JUUUJzVzQwQWVWdU5BR25ielFCd204MEFSUndOQUVlY0RRQlhuQTBBWXR3TkFHMWNEUUIzWEEwQVE1eE5BRlVjVFFCVlhFMEFXWnhOQUY0ARAsaDNFMEFhQnhOQUdqARAsdFhFMEFkRnhOQUhTBRD0XAgyeEJBVXR6UVFGVGMwRUJ0QjFjQWpqSVhBTFc5b2dDUWZlSUFyTDNpQUo1UUtvQ0owS3FBaWhDcWdKc1c2b0NmbUtxQW1kb3FnSjZjNm9DX25pcUF1SjdxZ0x1aHFvQ2pZcXFBb0NicWdLQm02b0NncHVxQWhhbnFnS2xwNm9Db3FpcUF0NnJxZ0lzcktvQ0hLNnFBaDZ1cWdLVnI2b0NkN0NxQW5td3FnS0FzS29DZ3JDcUFvbXdxZ0toczZvQ3RyU3FBc2UxcWdKVHVxb0NyOENxQXV6QnFnTFd6S29DS00ycUFqTE9xZ0pOenFvQ3U4NnFBczdUcWdKTjFhb0NTZGFxQXBQWHFnSXMyS29DajlpcUFqN1pxZ0o5MmFvQ2U5cXFBaDdicWdLYTNLb0NyZHlxQWtfZHFnSW8zcW9DTnQ2cUFsWGVxZ0o5M3FvQ29kNnFBc2JlcWdMbDNxb0NrLUtxQXRUaXFnSmo0Nm9DOXVPcUF2dmtxZ0tnNWFvQzR1V3FBZ2ZucWdKczZLb0MzdWlxQW83cXFnSzI2cW9DOC11cUFrYnNxZ0tVN0tvQ24teXFBa3Z0cWdKajdhb0NQTzZxQXJ6WXRnZjgxMzhJMFlZakNxM09aUTVadGZzU0ljWDdFZ2JKLXhKT3pmc1N6dEg3RXJ2Yy14TDU1ZnNTQk9yN0VrcnIteEo3Nl9zU3AtdjdFaUhzLXhLQTdQc1NpdXo3RW1idC14Snk3ZnNTNE8zN0VoRHcteEpBOFBzU2xtWmtFLWxiMEJPY3l4d1k5MVpyR2tnZnJCdUd2UDhqV3dDU0tkZk90UzRwSXZwQzlqLWZUQSZleGs9MTI5ODQ0NjgxOSZhd2JpZF9jPUFLQW1mLURVcmFvbjdaZk4zQ2pGaGZ1MWRyYjFEazktT2xxcGRKRFZPejhWbWJFeDU2NEtTZVZ1dDljc0JFNV9RZXhaM3BfTVBpRHpUaE1jZzFfaXdLRzl5ZzNYeC1kdDFpenM4MVFtREpoT1ZLQTdwTEpCd19QR09UMS1wVmh2MFJXU1dMbzlyUFFhWDBnU2tNQ3cyaFFBVzNzQThwLWhLUSZhd2JpZF9kPUFLQW1mLUFfcVZ1dC1YTXlka2N2LWFLMnU2enZHSF94Q1ZCSmlYam1WcGRybGwyWEJfQXJ5b1JtcUV0cVdBMUhkSzJYZlBOZ3NCbVN4VFU1OXF2ZlExWkNfMl9UejkzN1lmTXZSVVc3c2pPZWhlbFRpY283ZUV0azlpS0MwMFludlJhOXBFZmR0aWtndDdZaWFaa2NzVWJ2Mk5LbkdzbjRSR1NDeVo0ZHFkMnktdTlhU3dReGNlakI5RWo2SFlra3VkbmVIN3NJWWJ1S3FmSEpqSjVmX3l5TDJTNl9XNmNXdzB1U3VNNlF0ZjBRdUpUT2RQLTZocFpGbGUwOHE3SE1hWTVlRFhWTUs3dVpKQXpSTjh5WkNyWURZZVd0Z29MaHg3N1pxMVpVUkJCM055QkpKN1RnZ3JjTnhGa0xBcGdOdkNQaFRZLWhjQmZRNlhuZk1YWmRWWkZHT3RheDBPYlVMbWVXSGdlVzlYRFMxOEFZbHZXMDlRX1BIZjZPU1BTY295bmxWNnFZVUZMcnBscHh1QUVUR3NjWjJuLW1hOEE5ZGV2dmJDdXM0ZmZiUjI0V2kzRjBmY0xVWXhnWU9sTXlMTHNGeXJ1R3I4Nk5jMF90cHVTMDlZX0xRWnZvNWZqWlk2a0ZzSmJYLWVhb2NZN1pqNndzbUhnbzhsdnp0S09vUUgzMU4xR1NwZXNRSjgtRXM5RDZoRmdLREdBNldnNkd4bXhSUEIxUThYeVZ2bVAtb0NOcnJDazVnWndfZklUU2tkU0FnUVFFWUNuZUxBWFBJRGxxbV9Od191UERDS0Y1TXNUUU1lbkhSR1NXZFlfM1RsU2xtTFl2ejZuS3ZUWVJNVXJBWFl2Vy1jSlNlTTA2Q2JPdkVJWEx3SU5GX3hRXzhObkdjQnVRQ080UGZfNDdZakNydFVvJmNpZD1DQUFTQk9Sb2hiZyZhX2NpZD2AAwGIAwCQAwCYAxSgAwGqA-oBCr8BaHR0cHM6Ly9wYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbS9wYWdlYWQvZ2VuXzIwND9pZD1hd2JpZCZhd2JpZF9iPUFLQW1mLURCNnVtNmVSa1o1QmdYdURVSlNXR3NYLWFwZ0p5QS02OXQxOWJXOTV0Ui0wZ05iUlRzaF9CcEdvVkRQQTJUbE01SkZVRzlzMGtOZlI4M3NRMzZ5R1UyS1psaU5nJnByPTEwOiR7QVVDVElPTl9QUklDRX0aEzIxODcwNzQzODI1MzQxNDE0MjUiCDc4ODI3ODE1KgQzOTQxOgEwwAOsAsgDANgDAOADAOgDAPgDA4AEAJIECS9vcGVucnRiMpgEAKIEDjE4NS4yMzIuMjMuMTgwqASeAbIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANoEAggB4AQA8ASnossliAUBmAUAoAWVzaOL9sX4vDCqBSo0ODA1MjkwZi0yMjY5LTQ3MjAtYjMzMy04OWVjNzhiNmIxM2Z-ODgzfjHABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AWy1gH6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcMMTMyMzQ3MTk2ODQ5ugcPCAAQABgAIAAwADi_BkAAyAfq3gXSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwBwCKCAIQAA..&s=6dc008e505dadf01526375899aab1cd463386c06&pp=0.014678
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 24f164db30f201dfea047e885e44e77a310f64af80264642cddf21c22c395e5c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:41:59 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Dec 2021 15:55:26 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "61ae326e-1d543"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Length: 39321
Expires: Thu, 16 Dec 2021 19:42:01 GMT

GET
H/1.1 200
OK rd_log Show response
lax1-ib.adnxs-simple.com/ Frame 17A4 0
657 B 259ms
259ms Script
text/html 104.254.148.196
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://lax1-ib.adnxs-simple.com/rd_log?an_audit=0&referrer=www.threatminer.org&e=wqT_3QLNJ2zNEwAAAwDWAAUBCIaK6Y0GEPHLt6KDkoOtHhj_EQF4ASo2CW--Ed2zrpE_EVVd0fdkD44_GQAAAOCjcBlAIRESBCluDSTQMQAAAIA9Crc_MLKZ-Qg4sxlA5R5IZVCnosslWJzLhQFgAGidyZwBeOreBYABAYoBA1VTRJIFBvReAZgB2AWgAVqoAQGwAQC4AQLAAQXIAQLQAQDYAQDgAQDwAQCyAgEw2AKkQ-AC6vkl6gITd3d3LnRocmVhdG1pbmVyLm9yZ_ICDAoGSEVJR0hUEgI5MPICDAoFV0lEVEgSAzcyOPICIQoGTE9BREVSEhdyZW5kZXJfcG9zdF9hZHNfdjEuaHRtbPICGAoKSUZSQU1FX0tFWRIKMTI5ODQ0NjgxOfICog8KC1BSRV9TQ1JJUFRTEpIPPHNjcmlwdD4oZnVuY3Rpb24oKXsvKgoKIENvcHlyaWdodCBUaGUgQ2xvc3VyZSBMaWJyYXJ5IEF1dGhvcnMuCiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMAoqLwp2YXIgaD10aGlzfHxzZWxmOy8qCgogU1BEWC1MaWNlbnNlLUlkZW50aWZpZXI6IEFwYWNoZS0yLjAKKi8KZnVuYwGcYCBrKGIpe2tbIiAiXShiKTtyZXR1cm4gYn0JExA9ZnVuYwEo8FIoKXt9O3ZhciBtPVJlZ0V4cCgiXmh0dHBzPzovLyhcXHd8LSkrXFwuY2RuXFwuYW1wcHJvamVjdFxcLihuZXR8b3JnKShcXD98L3wkKSIpOwpmdQlZACABWwFZCGI9aAVhDGM9W10FCSBlPW51bGw7ZG8FHxhhPWI7dHJ5BQwsZDtpZihkPSEhYSYmASQcIT1hLmxvY2EBqSAuaHJlZiliOnsBLZBrKGEuZm9vKTtkPSEwO2JyZWFrIGJ9Y2F0Y2gobCl7fWQ9ITF9AX0IZz1kGRcAZwEWEGlmKGcpBW4AZj5eADg7ZT1hLmRvY3VtZW50JiYZDCgucmVmZXJyZXJ8fAGXJH1lbHNlIGY9ZSwNy0xjLnB1c2gobmV3IHAoZnx8IiIpKQXVJGI9YS5wYXJlbnQZhgBiBf_wQH19d2hpbGUoYiYmYSE9Yik7YT0wO2ZvcihiPWMubGVuZ3RoLTE7YTw9YjsrK2EpY1thXS5kZXB0aD1iLWE7YT1oISs5HgGuNSo4YW5jZXN0b3JPcmlnaW5zbhwADWsAPR11ACkJhgwxO2I8EYpMOysrYilmPWNbYl0sZi51cmx8fCgFCC5CATp2ABRbYi0KMV0hDBgsZi5oPSEwAeMpIgBoGash1RQsITEpO2YlFiUCBGU9MgQBIDA8PWU7LS1lKSG6RD1jW2VdLCFmJiZtLnRlc3QoZwGPICkmJihmPWcpLAUOKCYmIWcuaCl7YT1nSRsAfQ1dAGUV5gQmJgHMATsEOzBBZQBkIVoIJiZlBUgBGwgpO2MFrRBxKGEsZnU-FGMuZz9jLgVlDDpjLmkBQAB9cUk0IHEoYixjKXt0aGlzLmlB1QEJCGc9YxkiAHAdIgh1cmwRJBRoPSEhYzsFLwWIJQoEfTsVWQRyKEmwiGI9bigpLGM9Yi5pbmRleE9mKCI_Iik7c2V0VGltZW91dChmedVB_URlPXZvaWQgMD09PWU_LjAxOmVBNUQhKE1hdGgucmFuZG9tKCk-ZSkJXwRhPVH7DC5jdXJBtChTY3JpcHQ7YT0oYRlKBGE_YQOgOmEpJiYiNzciPT09YS5nZXRBdHRyaWJ1dGUoImRhdGEtamMiKT9hOmRtTkAucXVlcnlTZWxlY3RvcignWw0lAD0BRBhdJyk7ZT0ihXdYOi8vcGFnZWFkMi5nb29nbGVzeW5kaWOJAwhjb20NHpAvZ2VuXzIwND9pZD1qY2EmamM9NzcmdmVyc2lvbj0iKyhhJiZhVpgAAC0NJpAiKXx8InVua25vd24iKSsiJnNhbXBsZT0iK2U7YT13aW5kb3c7IUeNljBhLm5hdmlnYXRvcilkLg4AUC51c2VyQWdlbnQsZD0vQ2hyb21lL0meIGQpJiYhL0VkZxkRHD8hMDohMTtkYZYVUTAuc2VuZEJlYWNvbj8KHWkdGBQoZSk6KGEtFUBfaW1hZ2VfcmVxdWVzdHN8fF4aABA9W10pLAGuMdwELGQ5ywRkPxEWPDpkLGQ9ZC5jcmVhdGVFbGWhATwoImltZyIpLGQuc3JjPWUsWnwAifsYZCkpfX0sMHUqXDA8PWM_Yi5zdWJzdHJpbmcoMCxjKTpifSlXDC5yZmwuggbNnYBlbmNvZGVVUklDb21wb25lbnQocigpKX07fSkuY2FsbChhJBApOwo8L-2KaPICyQIKCkVYVFJBX1RBR1MSugI8ZGl2IHN0eSHJDHBvc2nBO2Q6IGFic29sdXRlOyBsZWZ0OiAwcHg7IHRvcA0KZHZpc2liaWxpdHk6IGhpZGRlbjsiPjxpbWcgAfvimQIUYXdiaWQmBQbwhl9iPUFLQW1mLUROSGtpbU16QUFRbm1Zd0tGVTFrMnZuZlhIbE1BaGJCUDY2WW5lUm1OeDNGQ0xhZFV5ZmhjMnNfVTk3NlpHWENtMTdMQnFCb3dUVkg1YlRydEtmZkU5bmJjYzV3IiBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0iIjEaqGRpc3BsYXk6bm9uZSI-PC9kaXY-8gKaAQoMUE9TVF9TQ1JJUFRTEokBPHOFBDYIAWmZUGFkcy5nLmRvdWJsZWNsaWNrLm5ldHGfPHhiZmVfYmFja2ZpbGwuanMBZS21DVMuRwkoIHtyM3B4KCcxMjkagAkcJyk7fSkoKTs96xCcDwoQSAGeNFBPUlRfUEFSQU1TEocPkTaKlQDwfWFkZmV0Y2g_YWRrPTQxNTIwNDgwMjEmYWRzYWZlPW1lZGl1bSZjbGllbnQ9Y2EtcHViLTMwNzY4OTAwMTI3NDE0NjcmZm9ybWF0PTcyOHg5MF9hcyZpcD0xODUuMjMyLjIzLjAmb3V0cHV0PWh0bWwmdW52aWV3ZWRfcG9zaUGKIF9zdGFydD0xJqH_AHdG1AoQJnN1Yl8NggBiQYnwfXItNDk4MjQyMiZobD1kZSZhY2VpZD1NRERVNWdENVZUUUJrbUEwQVM5ak5BR1NiVFFCc1c0MEFlVnVOQUduYnpRQndtODBBUlJ3TkFFZWNEUUJYbkEwQVl0d05BRzFjRFFCM1hBMEFRNXhOQUZVY1RRQlZYRTBBV1p4TkFGNAEQLGgzRTBBYUJ4TkFHagEQLHRYRTBBZEZ4TkFIUwUQ9HEHMnhCQVV0elFRRlRjMEVCdEIxY0FqaklYQUxXOW9nQ1FmZUlBckwzaUFKNVFLb0NKMEtxQWloQ3FnSnNXNm9DZm1LcUFtZG9xZ0o2YzZvQ19uaXFBdUo3cWdMdWhxb0NqWXFxQW9DYnFnS0JtNm9DZ3B1cUFoYW5xZ0tscDZvQ29xaXFBdDZycWdJc3JLb0NISzZxQWg2dXFnS1ZyNm9DZDdDcUFubXdxZ0tBc0tvQ2dyQ3FBb213cWdLaHM2b0N0clNxQXNlMXFnSlR1cW9DcjhDcUF1ekJxZ0xXektvQ0tNMnFBakxPcWdKTnpxb0N1ODZxQXM3VHFnSk4xYW9DU2RhcUFwUFhxZ0lzMktvQ2o5aXFBajdacWdKOTJhb0NlOXFxQWg3YnFnS2EzS29DcmR5cUFrX2RxZ0lvM3FvQ050NnFBbFhlcWdKOTNxb0NvZDZxQXNiZXFnTGwzcW9Day1LcUF0VGlxZ0pqNDZvQzl1T3FBdnZrcWdLZzVhb0M0dVdxQWdmbnFnSnM2S29DM3VpcUFvN3FxZ0syNnFvQzgtdXFBa2JzcWdLVTdLb0NuLXlxQWt2dHFnSmo3YW9DUE82cUFyell0Z2Y4MTM4STBZWWpDcTNPWlE1WnRmc1NJY1g3RWdiSi14Sk96ZnNTenRIN0VydmMteEw1NWZzU0JPcjdFa3JyLXhKNzZfc1NwLXY3RWlIcy14S0E3UHNTaXV6N0VtYnQteEp5N2ZzUzRPMzdFaER3LXhKQThQc1NsbVprRS1sYjBCT2N5eHdZOTFackdrZ2ZyQnVHdlA4ald3Q1NLZGZPdFM0cEl2cEM5ai1mVEEmZXhrPTEyOTg0NDY4MTkmYXdiaWRfYz1BS0FtZi1EVXJhb243WmZOM0NqRmhmdTFkcmIxRGs5LU9scXBkSkRWT3o4Vm1iRXg1NjRLU2VWdXQ5Y3NCRTVfUWV4WjNwX01QaUR6VGhNY2cxX2l3S0c5eWczWHgtZHQxaXpzODFRbURKaE9WS0E3cExKQndfUEdPVDEtcFZodjBSV1NXTG85clBRYVgwZ1NrTUN3MmhRQVczc0E4cC1oS1EmYXdiaWRfZD1BS0FtZi1BX3FWdXQtWE15ZGtjdi1hSzJ1Nnp2R0hfeENWQkppWGptVnBkcmxsMlhCX0FyeW9SbXFFdHFXQTFIZEsyWGZQTmdzQm1TeFRVNTlxdmZRMVpDXzJfVHo5MzdZZk12UlVXN3NqT2VoZWxUaWNvN2VFdGs5aUtDMDBZbnZSYTlwRWZkdGlrZ3Q3WWlhWmtjc1VidjJOS25Hc240UkdTQ3laNGRxZDJ5LXU5YVN3UXhjZWpCOUVqNkhZa2t1ZG5lSDdzSVlidUtxZkhKako1Zl95eUwyUzZfVzZjV3cwdVN1TTZRdGYwUXVKVE9kUC02aHBaRmxlMDhxN0hNYVk1ZURYVk1LN3VaSkF6Uk44eVpDcllEWWVXdGdvTGh4NzdacTFaVVJCQjNOeUJKSjdUZ2dyY054RmtMQXBnTnZDUGhUWS1oY0JmUTZYbmZNWFpkVlpGR090YXgwT2JVTG1lV0hnZVc5WERTMThBWWx2VzA5UV9QSGY2T1NQU2NveW5sVjZxWVVGTHJwbHB4dUFFVEdzY1oybi1tYThBOWRldnZiQ3VzNGZmYlIyNFdpM0YwZmNMVVl4Z1lPbE15TExzRnlydUdyODZOYzBfdHB1UzA5WV9MUVp2bzVmalpZNmtGc0piWC1lYW9jWTdaajZ3c21IZ284bHZ6dEtPb1FIMzFOMUdTcGVzUUo4LUVzOUQ2aEZnS0RHQTZXZzZHeG14UlBCMVE4WHlWdm1QLW9DTnJyQ2s1Z1p3X2ZJVFNrZFNBZ1FRRVlDbmVMQVhQSURscW1fTndfdVBEQ0tGNU1zVFFNZW5IUkdTV2RZXzNUbFNsbUxZdno2bkt2VFlSTVVyQVhZdlctY0pTZU0wNkNiT3ZFSVhMd0lORl94UV84Tm5HY0J1UUNPNFBmXzQ3WWpDcnRVbyZjaWQ9Q0FBU0JPUm9oYmcmYV9jaWQ9gAMBiAMAkAMAmAMUoAMBqgMAwAOsAsgDANgDAOADAOgDAPgDA4AEAJIECS9vcGVucnRiMpgEAKIEDjE4NS4yMzIuMjMuMTgwqASeAbIEDAgAEAAYACAAMAA4ArgEAMAEAMgEANoEAggB4AQA8ASnossliAUBmAUAoAWVzaOL9sX4vDCqBSo0ODA1MjkwZi0yMjY5LTQ3MjAtYjMzMy04OWVjNzhiNmIxM2Z-ODgzfjHABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AWy1gH6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcMMTMyMzQ3MTk2ODQ5ugcPCAAQABgAIAAwADi_BkAAyAfq3gXSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwBwCKCAIQAA..&s=04fe94c83e1678d69361fac37458032089d5b24f&bdref=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7%23gsc.tab%3D0%26gsc.q%3Df326e2b2eb1f84179c8d81fb31d22ea7%26gsc.page%3D1&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fwww.threatminer.org%2Fsample.php%3Fq%3Df326e2b2eb1f84179c8d81fb31d22ea7%23gsc.tab%3D0%26gsc.q%3Df326e2b2eb1f84179c8d81fb31d22ea7%26gsc.page%3D1,about%3Ablank&

Requested by

Host: lax1-ib.adnxs-simple.com
URL: https://lax1-ib.adnxs-simple.com/ab?an_audit=0&referrer=www.threatminer.org&e=wqT_3QK4KWy4FAAAAwDWAAUBCIaK6Y0GEPHLt6KDkoOtHhj_EQF4ASo2CW6-Ed2zrpE_EVVd0fdkD44_GQAAAOCjcBlAIRESACkRJNAxAAAAgD0Ktz8wspn5CDizGUDlHkhlUKeiyyVYnMuFAWAAaJ3JnAF46t4FgAEBigEDVVNEkgUG9F4BmAHYBaABWqgBAbABALgBAsABBcgBAtABANgBAOABAPABALICATDYAqRD4ALq-SXqAhN3d3cudGhyZWF0bWluZXIub3Jn8gIMCgZIRUlHSFQSAjkw8gIMCgVXSURUSBIDNzI48gIhCgZMT0FERVISF3JlbmRlcl9wb3N0X2Fkc192MS5odG1s8gIYCgpJRlJBTUVfS0VZEgoxMjk4NDQ2ODE58gKiDwoLUFJFX1NDUklQVFMSkg88c2NyaXB0PihmdW5jdGlvbigpey8qCgogQ29weXJpZ2h0IFRoZSBDbG9zdXJlIExpYnJhcnkgQXV0aG9ycy4KIFNQRFgtTGljZW5zZS1JZGVudGlmaWVyOiBBcGFjaGUtMi4wCiovCnZhciBoPXRoaXN8fHNlbGY7LyoKCiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMAoqLwpmdW5jAZxgIGsoYil7a1siICJdKGIpO3JldHVybiBifQkTED1mdW5jASjwUigpe307dmFyIG09UmVnRXhwKCJeaHR0cHM_Oi8vKFxcd3wtKStcXC5jZG5cXC5hbXBwcm9qZWN0XFwuKG5ldHxvcmcpKFxcP3wvfCQpIik7CmZ1CVkAIAFbAVkIYj1oBWEMYz1bXQUJIGU9bnVsbDtkbwUfGGE9Yjt0cnkFDCxkO2lmKGQ9ISFhJiYBJBwhPWEubG9jYQGpIC5ocmVmKWI6ewEtkGsoYS5mb28pO2Q9ITA7YnJlYWsgYn1jYXRjaChsKXt9ZD0hMX0BfQhnPWQZFwBnARYQaWYoZykFbgBmPl4AODtlPWEuZG9jdW1lbnQmJhkMKC5yZWZlcnJlcnx8AZckfWVsc2UgZj1lLA3LTGMucHVzaChuZXcgcChmfHwiIikpBdUkYj1hLnBhcmVudBmGAGIF__BAfX13aGlsZShiJiZhIT1iKTthPTA7Zm9yKGI9Yy5sZW5ndGgtMTthPD1iOysrYSljW2FdLmRlcHRoPWItYTthPWghKzkeAa41KjhhbmNlc3Rvck9yaWdpbnNuHAANawA9HXUAKQmGDDE7YjwRikw7KytiKWY9Y1tiXSxmLnVybHx8KAUILkIBOnYAFFtiLQoxXSEMGCxmLmg9ITAB4ykiAGgZqyHVFCwhMSk7ZiUWJQIEZT0yBAEgMDw9ZTstLWUpIbpEPWNbZV0sIWYmJm0udGVzdChnAY8gKSYmKGY9ZyksBQ4oJiYhZy5oKXthPWdJGwB9DV0AZRXmBCYmAcwBOwQ7MEFlAGQhWggmJmUFSAEbCCk7YwWtEHEoYSxmdT4UYy5nP2MuBWUMOmMuaQFAAH1xSTQgcShiLGMpe3RoaXMuaUHVAQkIZz1jGSIAcB0iCHVybBEkFGg9ISFjOwUvBYglCgR9OxVZBHIoSbCIYj1uKCksYz1iLmluZGV4T2YoIj8iKTtzZXRUaW1lb3V0KGZ51UH9RGU9dm9pZCAwPT09ZT8uMDE6ZUE1RCEoTWF0aC5yYW5kb20oKT5lKQlfBGE9UfsMLmN1ckG0KFNjcmlwdDthPShhGUoEYT9hA6A6YSkmJiI3NyI9PT1hLmdldEF0dHJpYnV0ZSgiZGF0YS1qYyIpP2E6ZG1OQC5xdWVyeVNlbGVjdG9yKCdbDSUAPQFEGF0nKTtlPSKFd1g6Ly9wYWdlYWQyLmdvb2dsZXN5bmRpY4kDCGNvbQ0ekC9nZW5fMjA0P2lkPWpjYSZqYz03NyZ2ZXJzaW9uPSIrKGEmJmFWmAAALQ0mkCIpfHwidW5rbm93biIpKyImc2FtcGxlPSIrZTthPXdpbmRvdzshR42WMGEubmF2aWdhdG9yKWQuDgBQLnVzZXJBZ2VudCxkPS9DaHJvbWUvSZ4gZCkmJiEvRWRnGREcPyEwOiExO2RhlhVRMC5zZW5kQmVhY29uPwodaR0YFChlKTooYS0VQF9pbWFnZV9yZXF1ZXN0c3x8XhoAED1bXSksAa4x3AQsZDnLBGQ_ERY8OmQsZD1kLmNyZWF0ZUVsZaEBPCgiaW1nIiksZC5zcmM9ZSxafACJ-xhkKSl9fSwwdSpcMDw9Yz9iLnN1YnN0cmluZygwLGMpOmJ9KVcMLnJmbC6CBs2dgGVuY29kZVVSSUNvbXBvbmVudChyKCkpfTt9KS5jYWxsKGEkECk7Cjwv7Ypo8gLJAgoKRVhUUkFfVEFHUxK6AjxkaXYgc3R5IckMcG9zacE7ZDogYWJzb2x1dGU7IGxlZnQ6IDBweDsgdG9wDQpkdmlzaWJpbGl0eTogaGlkZGVuOyI-PGltZyAB--KZAhRhd2JpZCYFBvCGX2I9QUtBbWYtRE5Ia2ltTXpBQVFubVl3S0ZVMWsydm5mWEhsTUFoYkJQNjZZbmVSbU54M0ZDTGFkVXlmaGMyc19VOTc2WkdYQ20xN0xCcUJvd1RWSDViVHJ0S2ZmRTluYmNjNXciIGJvcmRlcj0wIHdpZHRoPTEgaGVpZ2h0PTEgYWx0PSIiMRqoZGlzcGxheTpub25lIj48L2Rpdj7yApoBCgxQT1NUX1NDUklQVFMSiQE8c4UENggBaZlQYWRzLmcuZG91YmxlY2xpY2submV0cZ88eGJmZV9iYWNrZmlsbC5qcwFlLbUNUy5HCSgge3IzcHgoJzEyORqACRwnKTt9KSgpOz3rEJwPChBIAZ40UE9SVF9QQVJBTVMShw-RNoqVAPB9YWRmZXRjaD9hZGs9NDE1MjA0ODAyMSZhZHNhZmU9bWVkaXVtJmNsaWVudD1jYS1wdWItMzA3Njg5MDAxMjc0MTQ2NyZmb3JtYXQ9NzI4eDkwX2FzJmlwPTE4NS4yMzIuMjMuMCZvdXRwdXQ9aHRtbCZ1bnZpZXdlZF9wb3NpQYogX3N0YXJ0PTEmof8Ad0bUChAmc3ViXw2CAGJBifB9ci00OTgyNDIyJmhsPWRlJmFjZWlkPU1ERFU1Z0Q1VlRRQmttQTBBUzlqTkFHU2JUUUJzVzQwQWVWdU5BR25ielFCd204MEFSUndOQUVlY0RRQlhuQTBBWXR3TkFHMWNEUUIzWEEwQVE1eE5BRlVjVFFCVlhFMEFXWnhOQUY0ARAsaDNFMEFhQnhOQUdqARAsdFhFMEFkRnhOQUhTBRD0XAgyeEJBVXR6UVFGVGMwRUJ0QjFjQWpqSVhBTFc5b2dDUWZlSUFyTDNpQUo1UUtvQ0owS3FBaWhDcWdKc1c2b0NmbUtxQW1kb3FnSjZjNm9DX25pcUF1SjdxZ0x1aHFvQ2pZcXFBb0NicWdLQm02b0NncHVxQWhhbnFnS2xwNm9Db3FpcUF0NnJxZ0lzcktvQ0hLNnFBaDZ1cWdLVnI2b0NkN0NxQW5td3FnS0FzS29DZ3JDcUFvbXdxZ0toczZvQ3RyU3FBc2UxcWdKVHVxb0NyOENxQXV6QnFnTFd6S29DS00ycUFqTE9xZ0pOenFvQ3U4NnFBczdUcWdKTjFhb0NTZGFxQXBQWHFnSXMyS29DajlpcUFqN1pxZ0o5MmFvQ2U5cXFBaDdicWdLYTNLb0NyZHlxQWtfZHFnSW8zcW9DTnQ2cUFsWGVxZ0o5M3FvQ29kNnFBc2JlcWdMbDNxb0NrLUtxQXRUaXFnSmo0Nm9DOXVPcUF2dmtxZ0tnNWFvQzR1V3FBZ2ZucWdKczZLb0MzdWlxQW83cXFnSzI2cW9DOC11cUFrYnNxZ0tVN0tvQ24teXFBa3Z0cWdKajdhb0NQTzZxQXJ6WXRnZjgxMzhJMFlZakNxM09aUTVadGZzU0ljWDdFZ2JKLXhKT3pmc1N6dEg3RXJ2Yy14TDU1ZnNTQk9yN0VrcnIteEo3Nl9zU3AtdjdFaUhzLXhLQTdQc1NpdXo3RW1idC14Snk3ZnNTNE8zN0VoRHcteEpBOFBzU2xtWmtFLWxiMEJPY3l4d1k5MVpyR2tnZnJCdUd2UDhqV3dDU0tkZk90UzRwSXZwQzlqLWZUQSZleGs9MTI5ODQ0NjgxOSZhd2JpZF9jPUFLQW1mLURVcmFvbjdaZk4zQ2pGaGZ1MWRyYjFEazktT2xxcGRKRFZPejhWbWJFeDU2NEtTZVZ1dDljc0JFNV9RZXhaM3BfTVBpRHpUaE1jZzFfaXdLRzl5ZzNYeC1kdDFpenM4MVFtREpoT1ZLQTdwTEpCd19QR09UMS1wVmh2MFJXU1dMbzlyUFFhWDBnU2tNQ3cyaFFBVzNzQThwLWhLUSZhd2JpZF9kPUFLQW1mLUFfcVZ1dC1YTXlka2N2LWFLMnU2enZHSF94Q1ZCSmlYam1WcGRybGwyWEJfQXJ5b1JtcUV0cVdBMUhkSzJYZlBOZ3NCbVN4VFU1OXF2ZlExWkNfMl9UejkzN1lmTXZSVVc3c2pPZWhlbFRpY283ZUV0azlpS0MwMFludlJhOXBFZmR0aWtndDdZaWFaa2NzVWJ2Mk5LbkdzbjRSR1NDeVo0ZHFkMnktdTlhU3dReGNlakI5RWo2SFlra3VkbmVIN3NJWWJ1S3FmSEpqSjVmX3l5TDJTNl9XNmNXdzB1U3VNNlF0ZjBRdUpUT2RQLTZocFpGbGUwOHE3SE1hWTVlRFhWTUs3dVpKQXpSTjh5WkNyWURZZVd0Z29MaHg3N1pxMVpVUkJCM055QkpKN1RnZ3JjTnhGa0xBcGdOdkNQaFRZLWhjQmZRNlhuZk1YWmRWWkZHT3RheDBPYlVMbWVXSGdlVzlYRFMxOEFZbHZXMDlRX1BIZjZPU1BTY295bmxWNnFZVUZMcnBscHh1QUVUR3NjWjJuLW1hOEE5ZGV2dmJDdXM0ZmZiUjI0V2kzRjBmY0xVWXhnWU9sTXlMTHNGeXJ1R3I4Nk5jMF90cHVTMDlZX0xRWnZvNWZqWlk2a0ZzSmJYLWVhb2NZN1pqNndzbUhnbzhsdnp0S09vUUgzMU4xR1NwZXNRSjgtRXM5RDZoRmdLREdBNldnNkd4bXhSUEIxUThYeVZ2bVAtb0NOcnJDazVnWndfZklUU2tkU0FnUVFFWUNuZUxBWFBJRGxxbV9Od191UERDS0Y1TXNUUU1lbkhSR1NXZFlfM1RsU2xtTFl2ejZuS3ZUWVJNVXJBWFl2Vy1jSlNlTTA2Q2JPdkVJWEx3SU5GX3hRXzhObkdjQnVRQ080UGZfNDdZakNydFVvJmNpZD1DQUFTQk9Sb2hiZyZhX2NpZD2AAwGIAwCQAwCYAxSgAwGqA-oBCr8BaHR0cHM6Ly9wYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbS9wYWdlYWQvZ2VuXzIwND9pZD1hd2JpZCZhd2JpZF9iPUFLQW1mLURCNnVtNmVSa1o1QmdYdURVSlNXR3NYLWFwZ0p5QS02OXQxOWJXOTV0Ui0wZ05iUlRzaF9CcEdvVkRQQTJUbE01SkZVRzlzMGtOZlI4M3NRMzZ5R1UyS1psaU5nJnByPTEwOiR7QVVDVElPTl9QUklDRX0aEzIxODcwNzQzODI1MzQxNDE0MjUiCDc4ODI3ODE1KgQzOTQxOgEwwAOsAsgDANgDAOADAOgDAPgDA4AEAJIECS9vcGVucnRiMpgEAKIEDjE4NS4yMzIuMjMuMTgwqASeAbIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANoEAggB4AQA8ASnossliAUBmAUAoAWVzaOL9sX4vDCqBSo0ODA1MjkwZi0yMjY5LTQ3MjAtYjMzMy04OWVjNzhiNmIxM2Z-ODgzfjHABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AWy1gH6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AG7o8B2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcMMTMyMzQ3MTk2ODQ5ugcPCAAQABgAIAAwADi_BkAAyAfq3gXSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwBwCKCAIQAA..&s=6dc008e505dadf01526375899aab1cd463386c06&pp=0.014678

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.254.148.196 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

547.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Dec 2021 19:41:59 GMT
X-Proxy-Origin: 185.232.23.181; 185.232.23.181; 547.bm-nginx-loadbalancer.mgmt.lax1; adnxs-simple.com
AN-X-Request-Uuid: bc6f352e-9464-4474-93cc-708261103de5
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7798
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

83ms
82ms

Document
text/html

2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 15 Dec 2021 19:41:59 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 15 Dec 2021 19:41:59 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 15 Dec 2021 19:41:59 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js Show response
pagead2.googlesyndication.com/bg/ Frame 213A 35 KB
13 KB 14ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 13:27:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 108887
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13577
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 14 Dec 2022 13:27:12 GMT

GET
H3 200 txt1_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/ Frame 681B 3 KB
3 KB 10ms
10ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/txt1_1.png?1607436056177

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74d986f56c5ee88c038417c10d626e8e6ba182100c06a603c7c296cd69da328f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 30009
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3038
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Wed, 15 Dec 2021 11:21:50 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 15 Dec 2022 11:21:50 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D197
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

79ms
78ms

Document
text/html

2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 15 Dec 2021 19:41:59 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 15 Dec 2021 19:41:59 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 15 Dec 2021 19:41:59 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js Show response
pagead2.googlesyndication.com/bg/ Frame 3B6D 35 KB
13 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 13:27:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 108887
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13577
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 14 Dec 2022 13:27:12 GMT

POST
H3 200 1a Show response
i.clean.gg/ Frame 17A4 0
15 B 108ms
98ms XHR
application/octet-stream 34.95.69.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Requested by: Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.17.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 google
server: nginx/1.17.4
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1 200
OK if Show response
lax1-ib.adnxs-simple.com/ Frame 9B85 8 KB
5 KB 299ms
168ms Document
text/html 104.254.148.196
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://lax1-ib.adnxs-simple.com/if?an_audit=0&referrer=www.threatminer.org&e=wqT_3QK4KWy4FAAAAwDWAAUBCIaK6Y0GEPHLt6KDkoOtHhj_EQF4ASo2CW--Ed2zrpE_EVVd0fdkD44_GQAAAOCjcBlAIRESBCluDSTQMQAAAIA9Crc_MLKZ-Qg4sxlA5R5IZVCnosslWJzLhQFgAGidyZwBeOreBYABAYoBA1VTRJIFBvReAZgB2AWgAVqoAQGwAQC4AQLAAQXIAQLQAQDYAQDgAQDwAQCyAgEw2AKkQ-AC6vkl6gITd3d3LnRocmVhdG1pbmVyLm9yZ_ICDAoGSEVJR0hUEgI5MPICDAoFV0lEVEgSAzcyOPICIQoGTE9BREVSEhdyZW5kZXJfcG9zdF9hZHNfdjEuaHRtbPICGAoKSUZSQU1FX0tFWRIKMTI5ODQ0NjgxOfICog8KC1BSRV9TQ1JJUFRTEpIPPHNjcmlwdD4oZnVuY3Rpb24oKXsvKgoKIENvcHlyaWdodCBUaGUgQ2xvc3VyZSBMaWJyYXJ5IEF1dGhvcnMuCiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMAoqLwp2YXIgaD10aGlzfHxzZWxmOy8qCgogU1BEWC1MaWNlbnNlLUlkZW50aWZpZXI6IEFwYWNoZS0yLjAKKi8KZnVuYwGcYCBrKGIpe2tbIiAiXShiKTtyZXR1cm4gYn0JExA9ZnVuYwEo8FIoKXt9O3ZhciBtPVJlZ0V4cCgiXmh0dHBzPzovLyhcXHd8LSkrXFwuY2RuXFwuYW1wcHJvamVjdFxcLihuZXR8b3JnKShcXD98L3wkKSIpOwpmdQlZACABWwFZCGI9aAVhDGM9W10FCSBlPW51bGw7ZG8FHxhhPWI7dHJ5BQwsZDtpZihkPSEhYSYmASQcIT1hLmxvY2EBqSAuaHJlZiliOnsBLZBrKGEuZm9vKTtkPSEwO2JyZWFrIGJ9Y2F0Y2gobCl7fWQ9ITF9AX0IZz1kGRcAZwEWEGlmKGcpBW4AZj5eADg7ZT1hLmRvY3VtZW50JiYZDCgucmVmZXJyZXJ8fAGXJH1lbHNlIGY9ZSwNy0xjLnB1c2gobmV3IHAoZnx8IiIpKQXVJGI9YS5wYXJlbnQZhgBiBf_wQH19d2hpbGUoYiYmYSE9Yik7YT0wO2ZvcihiPWMubGVuZ3RoLTE7YTw9YjsrK2EpY1thXS5kZXB0aD1iLWE7YT1oISs5HgGuNSo4YW5jZXN0b3JPcmlnaW5zbhwADWsAPR11ACkJhgwxO2I8EYpMOysrYilmPWNbYl0sZi51cmx8fCgFCC5CATp2ABRbYi0KMV0hDBgsZi5oPSEwAeMpIgBoGash1RQsITEpO2YlFiUCBGU9MgQBIDA8PWU7LS1lKSG6RD1jW2VdLCFmJiZtLnRlc3QoZwGPICkmJihmPWcpLAUOKCYmIWcuaCl7YT1nSRsAfQ1dAGUV5gQmJgHMATsEOzBBZQBkIVoIJiZlBUgBGwgpO2MFrRBxKGEsZnU-FGMuZz9jLgVlDDpjLmkBQAB9cUk0IHEoYixjKXt0aGlzLmlB1QEJCGc9YxkiAHAdIgh1cmwRJBRoPSEhYzsFLwWIJQoEfTsVWQRyKEmwiGI9bigpLGM9Yi5pbmRleE9mKCI_Iik7c2V0VGltZW91dChmedVB_URlPXZvaWQgMD09PWU_LjAxOmVBNUQhKE1hdGgucmFuZG9tKCk-ZSkJXwRhPVH7DC5jdXJBtChTY3JpcHQ7YT0oYRlKBGE_YQOgOmEpJiYiNzciPT09YS5nZXRBdHRyaWJ1dGUoImRhdGEtamMiKT9hOmRtTkAucXVlcnlTZWxlY3RvcignWw0lAD0BRBhdJyk7ZT0ihXdYOi8vcGFnZWFkMi5nb29nbGVzeW5kaWOJAwhjb20NHpAvZ2VuXzIwND9pZD1qY2EmamM9NzcmdmVyc2lvbj0iKyhhJiZhVpgAAC0NJpAiKXx8InVua25vd24iKSsiJnNhbXBsZT0iK2U7YT13aW5kb3c7IUeNljBhLm5hdmlnYXRvcilkLg4AUC51c2VyQWdlbnQsZD0vQ2hyb21lL0meIGQpJiYhL0VkZxkRHD8hMDohMTtkYZYVUTAuc2VuZEJlYWNvbj8KHWkdGBQoZSk6KGEtFUBfaW1hZ2VfcmVxdWVzdHN8fF4aABA9W10pLAGuMdwELGQ5ywRkPxEWPDpkLGQ9ZC5jcmVhdGVFbGWhATwoImltZyIpLGQuc3JjPWUsWnwAifsYZCkpfX0sMHUqXDA8PWM_Yi5zdWJzdHJpbmcoMCxjKTpifSlXDC5yZmwuggbNnYBlbmNvZGVVUklDb21wb25lbnQocigpKX07fSkuY2FsbChhJBApOwo8L-2KaPICyQIKCkVYVFJBX1RBR1MSugI8ZGl2IHN0eSHJDHBvc2nBO2Q6IGFic29sdXRlOyBsZWZ0OiAwcHg7IHRvcA0KZHZpc2liaWxpdHk6IGhpZGRlbjsiPjxpbWcgAfvimQIUYXdiaWQmBQbwhl9iPUFLQW1mLUROSGtpbU16QUFRbm1Zd0tGVTFrMnZuZlhIbE1BaGJCUDY2WW5lUm1OeDNGQ0xhZFV5ZmhjMnNfVTk3NlpHWENtMTdMQnFCb3dUVkg1YlRydEtmZkU5bmJjYzV3IiBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0iIjEaqGRpc3BsYXk6bm9uZSI-PC9kaXY-8gKaAQoMUE9TVF9TQ1JJUFRTEokBPHOFBDYIAWmZUGFkcy5nLmRvdWJsZWNsaWNrLm5ldHGfPHhiZmVfYmFja2ZpbGwuanMBZS21DVMuRwkoIHtyM3B4KCcxMjkagAkcJyk7fSkoKTs96xCcDwoQSAGeNFBPUlRfUEFSQU1TEocPkTaKlQDwfWFkZmV0Y2g_YWRrPTQxNTIwNDgwMjEmYWRzYWZlPW1lZGl1bSZjbGllbnQ9Y2EtcHViLTMwNzY4OTAwMTI3NDE0NjcmZm9ybWF0PTcyOHg5MF9hcyZpcD0xODUuMjMyLjIzLjAmb3V0cHV0PWh0bWwmdW52aWV3ZWRfcG9zaUGKIF9zdGFydD0xJqH_AHdG1AoQJnN1Yl8NggBiQYnwfXItNDk4MjQyMiZobD1kZSZhY2VpZD1NRERVNWdENVZUUUJrbUEwQVM5ak5BR1NiVFFCc1c0MEFlVnVOQUduYnpRQndtODBBUlJ3TkFFZWNEUUJYbkEwQVl0d05BRzFjRFFCM1hBMEFRNXhOQUZVY1RRQlZYRTBBV1p4TkFGNAEQLGgzRTBBYUJ4TkFHagEQLHRYRTBBZEZ4TkFIUwUQ9FwIMnhCQVV0elFRRlRjMEVCdEIxY0FqaklYQUxXOW9nQ1FmZUlBckwzaUFKNVFLb0NKMEtxQWloQ3FnSnNXNm9DZm1LcUFtZG9xZ0o2YzZvQ19uaXFBdUo3cWdMdWhxb0NqWXFxQW9DYnFnS0JtNm9DZ3B1cUFoYW5xZ0tscDZvQ29xaXFBdDZycWdJc3JLb0NISzZxQWg2dXFnS1ZyNm9DZDdDcUFubXdxZ0tBc0tvQ2dyQ3FBb213cWdLaHM2b0N0clNxQXNlMXFnSlR1cW9DcjhDcUF1ekJxZ0xXektvQ0tNMnFBakxPcWdKTnpxb0N1ODZxQXM3VHFnSk4xYW9DU2RhcUFwUFhxZ0lzMktvQ2o5aXFBajdacWdKOTJhb0NlOXFxQWg3YnFnS2EzS29DcmR5cUFrX2RxZ0lvM3FvQ050NnFBbFhlcWdKOTNxb0NvZDZxQXNiZXFnTGwzcW9Day1LcUF0VGlxZ0pqNDZvQzl1T3FBdnZrcWdLZzVhb0M0dVdxQWdmbnFnSnM2S29DM3VpcUFvN3FxZ0syNnFvQzgtdXFBa2JzcWdLVTdLb0NuLXlxQWt2dHFnSmo3YW9DUE82cUFyell0Z2Y4MTM4STBZWWpDcTNPWlE1WnRmc1NJY1g3RWdiSi14Sk96ZnNTenRIN0VydmMteEw1NWZzU0JPcjdFa3JyLXhKNzZfc1NwLXY3RWlIcy14S0E3UHNTaXV6N0VtYnQteEp5N2ZzUzRPMzdFaER3LXhKQThQc1NsbVprRS1sYjBCT2N5eHdZOTFackdrZ2ZyQnVHdlA4ald3Q1NLZGZPdFM0cEl2cEM5ai1mVEEmZXhrPTEyOTg0NDY4MTkmYXdiaWRfYz1BS0FtZi1EVXJhb243WmZOM0NqRmhmdTFkcmIxRGs5LU9scXBkSkRWT3o4Vm1iRXg1NjRLU2VWdXQ5Y3NCRTVfUWV4WjNwX01QaUR6VGhNY2cxX2l3S0c5eWczWHgtZHQxaXpzODFRbURKaE9WS0E3cExKQndfUEdPVDEtcFZodjBSV1NXTG85clBRYVgwZ1NrTUN3MmhRQVczc0E4cC1oS1EmYXdiaWRfZD1BS0FtZi1BX3FWdXQtWE15ZGtjdi1hSzJ1Nnp2R0hfeENWQkppWGptVnBkcmxsMlhCX0FyeW9SbXFFdHFXQTFIZEsyWGZQTmdzQm1TeFRVNTlxdmZRMVpDXzJfVHo5MzdZZk12UlVXN3NqT2VoZWxUaWNvN2VFdGs5aUtDMDBZbnZSYTlwRWZkdGlrZ3Q3WWlhWmtjc1VidjJOS25Hc240UkdTQ3laNGRxZDJ5LXU5YVN3UXhjZWpCOUVqNkhZa2t1ZG5lSDdzSVlidUtxZkhKako1Zl95eUwyUzZfVzZjV3cwdVN1TTZRdGYwUXVKVE9kUC02aHBaRmxlMDhxN0hNYVk1ZURYVk1LN3VaSkF6Uk44eVpDcllEWWVXdGdvTGh4NzdacTFaVVJCQjNOeUJKSjdUZ2dyY054RmtMQXBnTnZDUGhUWS1oY0JmUTZYbmZNWFpkVlpGR090YXgwT2JVTG1lV0hnZVc5WERTMThBWWx2VzA5UV9QSGY2T1NQU2NveW5sVjZxWVVGTHJwbHB4dUFFVEdzY1oybi1tYThBOWRldnZiQ3VzNGZmYlIyNFdpM0YwZmNMVVl4Z1lPbE15TExzRnlydUdyODZOYzBfdHB1UzA5WV9MUVp2bzVmalpZNmtGc0piWC1lYW9jWTdaajZ3c21IZ284bHZ6dEtPb1FIMzFOMUdTcGVzUUo4LUVzOUQ2aEZnS0RHQTZXZzZHeG14UlBCMVE4WHlWdm1QLW9DTnJyQ2s1Z1p3X2ZJVFNrZFNBZ1FRRVlDbmVMQVhQSURscW1fTndfdVBEQ0tGNU1zVFFNZW5IUkdTV2RZXzNUbFNsbUxZdno2bkt2VFlSTVVyQVhZdlctY0pTZU0wNkNiT3ZFSVhMd0lORl94UV84Tm5HY0J1UUNPNFBmXzQ3WWpDcnRVbyZjaWQ9Q0FBU0JPUm9oYmcmYV9jaWQ9gAMBiAMAkAMAmAMUoAMBqgPqAQq_AWh0dHBzOi8vcGFnZWFkMi5nb29nbGVzeW5kaWNhdGlvbi5jb20vcGFnZWFkL2dlbl8yMDQ_aWQ9YXdiaWQmYXdiaWRfYj1BS0FtZi1EQjZ1bTZlUmtaNUJnWHVEVUpTV0dzWC1hcGdKeUEtNjl0MTliVzk1dFItMGdOYlJUc2hfQnBHb1ZEUEEyVGxNNUpGVUc5czBrTmZSODNzUTM2eUdVMktabGlOZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMyMTg3MDc0MzgyNTM0MTQxNDI1Igg3ODgyNzgxNSoEMzk0MToBMMADrALIAwDYAwDgAwDoAwD4AwOABACSBAkvb3BlbnJ0YjKYBACiBA4xODUuMjMyLjIzLjE4MKgEngGyBAwIABAAGAAgADAAOAK4BADABADIBADaBAIIAeAEAPAEp6LLJYgFAZgFAKAFlc2ji_bF-LwwqgUqNDgwNTI5MGYtMjI2OS00NzIwLWIzMzMtODllYzc4YjZiMTNmfjg4M34xwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFstYB-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBu6PAdoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEzMjM0NzE5Njg0OboHDwgAEAAYACAAMAA4vwZAAMgH6t4F0gcNCQAAAAAAAAAAEAAYANoHBggAEAAYAOAHAOoHAggA8AcAiggCEAA.&s=c9478ef3dc3cc589a6370900713131bd6526c7f9

Requested by

Host: blank
URL: about:blank

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.254.148.196 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

547.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

ca0a9838b2f871fb9c22e4fdec2262e0331e8dab389f82644ffdd0bd865a1e85

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: nginx/1.17.9
Date: Wed, 15 Dec 2021 19:42:00 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
X-Creative-ID: 78827815
AN-X-Request-Uuid: 58561261-6b24-4a2b-8cc5-1c432272ab4c
X-Proxy-Origin: 185.232.23.181; 185.232.23.181; 547.bm-nginx-loadbalancer.mgmt.lax1; adnxs-simple.com
Content-Encoding: gzip

GET
H/1.1

200
OK

jot.html Show response
platform.twitter.com/ Frame 8F30
Redirect Chain

https://syndication.twitter.com/i/jot
https://platform.twitter.com/jot.html

80 B
571 B

40ms
40ms

Document
text/html

2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/jot.html
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mil/6CF2) /
Resource Hash: 90214d135602962e47ea9587a7eeb62fac1c64a541e373ea76e2b4e8b33e3f88

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://www.threatminer.org
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 515736
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Wed, 15 Dec 2021 19:41:59 GMT
Etag: "d9592a6c704736fa4da218d4357976dd"
Last-Modified: Thu, 02 Dec 2021 21:35:27 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (mil/6CF2)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 80

Redirect headers

date: Wed, 15 Dec 2021 19:41:59 GMT
pragma: no-cache
server: tsa_o
status: 302 Found
expires: Tue, 31 Mar 1981 05:00:00 GMT
location: https://platform.twitter.com/jot.html
content-type: text/html;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Wed, 15 Dec 2021 19:41:59 GMT
x-transaction: dec09a2ca34a489d
content-length: 0
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
x-response-time: 131
x-connection-hash: 36fdd692ab8006108ceb38748143bda8dddaa8f0bc320809db1d6005ca945494

OPTIONS
H2 204 1a
i.clean.gg/ Frame 0
0 127ms
95ms Preflight
text/plain 34.95.69.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.17.4 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.threatminer.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx/1.17.4
date: Wed, 15 Dec 2021 19:41:59 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-max-age: 1728000
content-type: text/plain; charset=utf-8
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 txt1_2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/ Frame 681B 4 KB
4 KB 8ms
8ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/txt1_2.png?1607436056177

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ed69fe012de9255a0662c46691693c154011e9042e1adf56759921a1f4a38e9

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 602896
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4437
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Wed, 08 Dec 2021 20:13:43 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 08 Dec 2022 20:13:43 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BB24 42 B
64 B 41ms
41ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvr-vXsQwTTtH9qavZpzAXwY9ABnrjQ2qHSqL4n5rzvhceTh478izZwG8bg5iRcf7_gAq4a0dr4Ssxbz2o2hdwtlF9PkofTWw2mwqH77xvbiBt6aBQc_A&sai=AMfl-YQxxiDWMq9HhRrrAjoiIRXu3cLT4uyffFPHmA2pWtHWIf75drKyw5cszD_EAChWJUUoMg7r9_gvlAj_&sig=Cg0ArKJSzHy0-__5GS5nEAE&id=lidar2&mcvt=1046&p=0,0,200,1182&mtos=1046,1046,1046,1046,1046&tos=1046,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=2644663765&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639597317916&rpt=832&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:41:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 txt2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/ Frame 681B 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12540294092154453593/images/txt2.png?1607436056177

Requested by

Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3de69e6337341b2a3b5dd38bf67b518ae04536f4094700c77f1d0718fd34578

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 73498
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1841
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Tue, 14 Dec 2021 23:17:01 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 14 Dec 2022 23:17:01 GMT

POST
H2 204 bulk Show response
trc.taboola.com/disqus-widget-safetylevel20longtail09/log/3/ Frame 36D3 0
276 B 29ms
29ms XHR
image/gif 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/disqus-widget-safetylevel20longtail09/log/3/bulk?route=AM%3AAM%3AV&lti=deflated&bulkSize=1
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211215-1-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.threatminer.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 13
pragma: no-cache
date: Wed, 15 Dec 2021 19:41:59 GMT
via: 1.1 varnish
server: nginx
x-timer: S1639597320.966770,VS0,VE13
x-served-by: cache-cdg20753-CDG
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.threatminer.org
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9B85 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=awbid&awbid_b=AKAmf-DNHkimMzAAQnmYwKFU1k2vnfXHlMAhbBP66YneRmNx3FCLadUyfhc2s_U976ZGXCm17LBqBowTVH5bTrtKffE9nbcc5w

Requested by

Host: lax1-ib.adnxs-simple.com
URL: https://lax1-ib.adnxs-simple.com/if?an_audit=0&referrer=www.threatminer.org&e=wqT_3QK4KWy4FAAAAwDWAAUBCIaK6Y0GEPHLt6KDkoOtHhj_EQF4ASo2CW--Ed2zrpE_EVVd0fdkD44_GQAAAOCjcBlAIRESBCluDSTQMQAAAIA9Crc_MLKZ-Qg4sxlA5R5IZVCnosslWJzLhQFgAGidyZwBeOreBYABAYoBA1VTRJIFBvReAZgB2AWgAVqoAQGwAQC4AQLAAQXIAQLQAQDYAQDgAQDwAQCyAgEw2AKkQ-AC6vkl6gITd3d3LnRocmVhdG1pbmVyLm9yZ_ICDAoGSEVJR0hUEgI5MPICDAoFV0lEVEgSAzcyOPICIQoGTE9BREVSEhdyZW5kZXJfcG9zdF9hZHNfdjEuaHRtbPICGAoKSUZSQU1FX0tFWRIKMTI5ODQ0NjgxOfICog8KC1BSRV9TQ1JJUFRTEpIPPHNjcmlwdD4oZnVuY3Rpb24oKXsvKgoKIENvcHlyaWdodCBUaGUgQ2xvc3VyZSBMaWJyYXJ5IEF1dGhvcnMuCiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMAoqLwp2YXIgaD10aGlzfHxzZWxmOy8qCgogU1BEWC1MaWNlbnNlLUlkZW50aWZpZXI6IEFwYWNoZS0yLjAKKi8KZnVuYwGcYCBrKGIpe2tbIiAiXShiKTtyZXR1cm4gYn0JExA9ZnVuYwEo8FIoKXt9O3ZhciBtPVJlZ0V4cCgiXmh0dHBzPzovLyhcXHd8LSkrXFwuY2RuXFwuYW1wcHJvamVjdFxcLihuZXR8b3JnKShcXD98L3wkKSIpOwpmdQlZACABWwFZCGI9aAVhDGM9W10FCSBlPW51bGw7ZG8FHxhhPWI7dHJ5BQwsZDtpZihkPSEhYSYmASQcIT1hLmxvY2EBqSAuaHJlZiliOnsBLZBrKGEuZm9vKTtkPSEwO2JyZWFrIGJ9Y2F0Y2gobCl7fWQ9ITF9AX0IZz1kGRcAZwEWEGlmKGcpBW4AZj5eADg7ZT1hLmRvY3VtZW50JiYZDCgucmVmZXJyZXJ8fAGXJH1lbHNlIGY9ZSwNy0xjLnB1c2gobmV3IHAoZnx8IiIpKQXVJGI9YS5wYXJlbnQZhgBiBf_wQH19d2hpbGUoYiYmYSE9Yik7YT0wO2ZvcihiPWMubGVuZ3RoLTE7YTw9YjsrK2EpY1thXS5kZXB0aD1iLWE7YT1oISs5HgGuNSo4YW5jZXN0b3JPcmlnaW5zbhwADWsAPR11ACkJhgwxO2I8EYpMOysrYilmPWNbYl0sZi51cmx8fCgFCC5CATp2ABRbYi0KMV0hDBgsZi5oPSEwAeMpIgBoGash1RQsITEpO2YlFiUCBGU9MgQBIDA8PWU7LS1lKSG6RD1jW2VdLCFmJiZtLnRlc3QoZwGPICkmJihmPWcpLAUOKCYmIWcuaCl7YT1nSRsAfQ1dAGUV5gQmJgHMATsEOzBBZQBkIVoIJiZlBUgBGwgpO2MFrRBxKGEsZnU-FGMuZz9jLgVlDDpjLmkBQAB9cUk0IHEoYixjKXt0aGlzLmlB1QEJCGc9YxkiAHAdIgh1cmwRJBRoPSEhYzsFLwWIJQoEfTsVWQRyKEmwiGI9bigpLGM9Yi5pbmRleE9mKCI_Iik7c2V0VGltZW91dChmedVB_URlPXZvaWQgMD09PWU_LjAxOmVBNUQhKE1hdGgucmFuZG9tKCk-ZSkJXwRhPVH7DC5jdXJBtChTY3JpcHQ7YT0oYRlKBGE_YQOgOmEpJiYiNzciPT09YS5nZXRBdHRyaWJ1dGUoImRhdGEtamMiKT9hOmRtTkAucXVlcnlTZWxlY3RvcignWw0lAD0BRBhdJyk7ZT0ihXdYOi8vcGFnZWFkMi5nb29nbGVzeW5kaWOJAwhjb20NHpAvZ2VuXzIwND9pZD1qY2EmamM9NzcmdmVyc2lvbj0iKyhhJiZhVpgAAC0NJpAiKXx8InVua25vd24iKSsiJnNhbXBsZT0iK2U7YT13aW5kb3c7IUeNljBhLm5hdmlnYXRvcilkLg4AUC51c2VyQWdlbnQsZD0vQ2hyb21lL0meIGQpJiYhL0VkZxkRHD8hMDohMTtkYZYVUTAuc2VuZEJlYWNvbj8KHWkdGBQoZSk6KGEtFUBfaW1hZ2VfcmVxdWVzdHN8fF4aABA9W10pLAGuMdwELGQ5ywRkPxEWPDpkLGQ9ZC5jcmVhdGVFbGWhATwoImltZyIpLGQuc3JjPWUsWnwAifsYZCkpfX0sMHUqXDA8PWM_Yi5zdWJzdHJpbmcoMCxjKTpifSlXDC5yZmwuggbNnYBlbmNvZGVVUklDb21wb25lbnQocigpKX07fSkuY2FsbChhJBApOwo8L-2KaPICyQIKCkVYVFJBX1RBR1MSugI8ZGl2IHN0eSHJDHBvc2nBO2Q6IGFic29sdXRlOyBsZWZ0OiAwcHg7IHRvcA0KZHZpc2liaWxpdHk6IGhpZGRlbjsiPjxpbWcgAfvimQIUYXdiaWQmBQbwhl9iPUFLQW1mLUROSGtpbU16QUFRbm1Zd0tGVTFrMnZuZlhIbE1BaGJCUDY2WW5lUm1OeDNGQ0xhZFV5ZmhjMnNfVTk3NlpHWENtMTdMQnFCb3dUVkg1YlRydEtmZkU5bmJjYzV3IiBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0iIjEaqGRpc3BsYXk6bm9uZSI-PC9kaXY-8gKaAQoMUE9TVF9TQ1JJUFRTEokBPHOFBDYIAWmZUGFkcy5nLmRvdWJsZWNsaWNrLm5ldHGfPHhiZmVfYmFja2ZpbGwuanMBZS21DVMuRwkoIHtyM3B4KCcxMjkagAkcJyk7fSkoKTs96xCcDwoQSAGeNFBPUlRfUEFSQU1TEocPkTaKlQDwfWFkZmV0Y2g_YWRrPTQxNTIwNDgwMjEmYWRzYWZlPW1lZGl1bSZjbGllbnQ9Y2EtcHViLTMwNzY4OTAwMTI3NDE0NjcmZm9ybWF0PTcyOHg5MF9hcyZpcD0xODUuMjMyLjIzLjAmb3V0cHV0PWh0bWwmdW52aWV3ZWRfcG9zaUGKIF9zdGFydD0xJqH_AHdG1AoQJnN1Yl8NggBiQYnwfXItNDk4MjQyMiZobD1kZSZhY2VpZD1NRERVNWdENVZUUUJrbUEwQVM5ak5BR1NiVFFCc1c0MEFlVnVOQUduYnpRQndtODBBUlJ3TkFFZWNEUUJYbkEwQVl0d05BRzFjRFFCM1hBMEFRNXhOQUZVY1RRQlZYRTBBV1p4TkFGNAEQLGgzRTBBYUJ4TkFHagEQLHRYRTBBZEZ4TkFIUwUQ9FwIMnhCQVV0elFRRlRjMEVCdEIxY0FqaklYQUxXOW9nQ1FmZUlBckwzaUFKNVFLb0NKMEtxQWloQ3FnSnNXNm9DZm1LcUFtZG9xZ0o2YzZvQ19uaXFBdUo3cWdMdWhxb0NqWXFxQW9DYnFnS0JtNm9DZ3B1cUFoYW5xZ0tscDZvQ29xaXFBdDZycWdJc3JLb0NISzZxQWg2dXFnS1ZyNm9DZDdDcUFubXdxZ0tBc0tvQ2dyQ3FBb213cWdLaHM2b0N0clNxQXNlMXFnSlR1cW9DcjhDcUF1ekJxZ0xXektvQ0tNMnFBakxPcWdKTnpxb0N1ODZxQXM3VHFnSk4xYW9DU2RhcUFwUFhxZ0lzMktvQ2o5aXFBajdacWdKOTJhb0NlOXFxQWg3YnFnS2EzS29DcmR5cUFrX2RxZ0lvM3FvQ050NnFBbFhlcWdKOTNxb0NvZDZxQXNiZXFnTGwzcW9Day1LcUF0VGlxZ0pqNDZvQzl1T3FBdnZrcWdLZzVhb0M0dVdxQWdmbnFnSnM2S29DM3VpcUFvN3FxZ0syNnFvQzgtdXFBa2JzcWdLVTdLb0NuLXlxQWt2dHFnSmo3YW9DUE82cUFyell0Z2Y4MTM4STBZWWpDcTNPWlE1WnRmc1NJY1g3RWdiSi14Sk96ZnNTenRIN0VydmMteEw1NWZzU0JPcjdFa3JyLXhKNzZfc1NwLXY3RWlIcy14S0E3UHNTaXV6N0VtYnQteEp5N2ZzUzRPMzdFaER3LXhKQThQc1NsbVprRS1sYjBCT2N5eHdZOTFackdrZ2ZyQnVHdlA4ald3Q1NLZGZPdFM0cEl2cEM5ai1mVEEmZXhrPTEyOTg0NDY4MTkmYXdiaWRfYz1BS0FtZi1EVXJhb243WmZOM0NqRmhmdTFkcmIxRGs5LU9scXBkSkRWT3o4Vm1iRXg1NjRLU2VWdXQ5Y3NCRTVfUWV4WjNwX01QaUR6VGhNY2cxX2l3S0c5eWczWHgtZHQxaXpzODFRbURKaE9WS0E3cExKQndfUEdPVDEtcFZodjBSV1NXTG85clBRYVgwZ1NrTUN3MmhRQVczc0E4cC1oS1EmYXdiaWRfZD1BS0FtZi1BX3FWdXQtWE15ZGtjdi1hSzJ1Nnp2R0hfeENWQkppWGptVnBkcmxsMlhCX0FyeW9SbXFFdHFXQTFIZEsyWGZQTmdzQm1TeFRVNTlxdmZRMVpDXzJfVHo5MzdZZk12UlVXN3NqT2VoZWxUaWNvN2VFdGs5aUtDMDBZbnZSYTlwRWZkdGlrZ3Q3WWlhWmtjc1VidjJOS25Hc240UkdTQ3laNGRxZDJ5LXU5YVN3UXhjZWpCOUVqNkhZa2t1ZG5lSDdzSVlidUtxZkhKako1Zl95eUwyUzZfVzZjV3cwdVN1TTZRdGYwUXVKVE9kUC02aHBaRmxlMDhxN0hNYVk1ZURYVk1LN3VaSkF6Uk44eVpDcllEWWVXdGdvTGh4NzdacTFaVVJCQjNOeUJKSjdUZ2dyY054RmtMQXBnTnZDUGhUWS1oY0JmUTZYbmZNWFpkVlpGR090YXgwT2JVTG1lV0hnZVc5WERTMThBWWx2VzA5UV9QSGY2T1NQU2NveW5sVjZxWVVGTHJwbHB4dUFFVEdzY1oybi1tYThBOWRldnZiQ3VzNGZmYlIyNFdpM0YwZmNMVVl4Z1lPbE15TExzRnlydUdyODZOYzBfdHB1UzA5WV9MUVp2bzVmalpZNmtGc0piWC1lYW9jWTdaajZ3c21IZ284bHZ6dEtPb1FIMzFOMUdTcGVzUUo4LUVzOUQ2aEZnS0RHQTZXZzZHeG14UlBCMVE4WHlWdm1QLW9DTnJyQ2s1Z1p3X2ZJVFNrZFNBZ1FRRVlDbmVMQVhQSURscW1fTndfdVBEQ0tGNU1zVFFNZW5IUkdTV2RZXzNUbFNsbUxZdno2bkt2VFlSTVVyQVhZdlctY0pTZU0wNkNiT3ZFSVhMd0lORl94UV84Tm5HY0J1UUNPNFBmXzQ3WWpDcnRVbyZjaWQ9Q0FBU0JPUm9oYmcmYV9jaWQ9gAMBiAMAkAMAmAMUoAMBqgPqAQq_AWh0dHBzOi8vcGFnZWFkMi5nb29nbGVzeW5kaWNhdGlvbi5jb20vcGFnZWFkL2dlbl8yMDQ_aWQ9YXdiaWQmYXdiaWRfYj1BS0FtZi1EQjZ1bTZlUmtaNUJnWHVEVUpTV0dzWC1hcGdKeUEtNjl0MTliVzk1dFItMGdOYlJUc2hfQnBHb1ZEUEEyVGxNNUpGVUc5czBrTmZSODNzUTM2eUdVMktabGlOZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMyMTg3MDc0MzgyNTM0MTQxNDI1Igg3ODgyNzgxNSoEMzk0MToBMMADrALIAwDYAwDgAwDoAwD4AwOABACSBAkvb3BlbnJ0YjKYBACiBA4xODUuMjMyLjIzLjE4MKgEngGyBAwIABAAGAAgADAAOAK4BADABADIBADaBAIIAeAEAPAEp6LLJYgFAZgFAKAFlc2ji_bF-LwwqgUqNDgwNTI5MGYtMjI2OS00NzIwLWIzMzMtODllYzc4YjZiMTNmfjg4M34xwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFstYB-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBu6PAdoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEzMjM0NzE5Njg0OboHDwgAEAAYACAAMAA4vwZAAMgH6t4F0gcNCQAAAAAAAAAAEAAYANoHBggAEAAYAOAHAOoHAggA8AcAiggCEAA.&s=c9478ef3dc3cc589a6370900713131bd6526c7f9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://lax1-ib.adnxs-simple.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:42:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 xbfe_backfill.js Show response
googleads.g.doubleclick.net/pagead/ Frame 9B85 13 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4f31178f3fe6003e606295047fdb9be890c6a9c6c8594576435f86975af582f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://lax1-ib.adnxs-simple.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 18:50:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3094
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5713
x-xss-protection: 0
server: cafe
etag: 4841097009533305096
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 15 Dec 2021 19:50:26 GMT

GET
H/1.1 200
OK it
lax1-ib.adnxs-simple.com/ Frame 9B85 0
657 B 160ms
160ms Image
text/html 104.254.148.196
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lax1-ib.adnxs-simple.com/it?an_audit=0&referrer=www.threatminer.org&e=wqT_3QKqBmwqAwAAAwDWAAUBCIaK6Y0GEPHLt6KDkoOtHhj_EQF4ASo2CW--Ed2zrpE_EVVd0fdkD44_GQAAAOCjcBlAIRESBCluDSTQMQAAAIA9Crc_MLKZ-Qg4sxlA5R5IZVCnosslWJzLhQFgAGidyZwBeOreBYABAYoBA1VTRJIFBvSbApgB2AWgAVqoAQOwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCyAgEw2AKkQ-AC6vkl6gITd3d3LnRocmVhdG1pbmVyLm9yZ4ADAYgDAJADAJgDFKADAaoD6gEKvwFodHRwczovL3BhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tL3BhZ2VhZC9nZW5fMjA0P2lkPWF3YmlkJmF3YmlkX2I9QUtBbWYtREI2dW02ZVJrWjVCZ1h1RFVKU1dHc1gtYXBnSnlBLTY5dDE5Ylc5NXRSLTBnTmJSVHNoX0JwR29WRFBBMlRsTTVKRlVHOXMwa05mUjgzc1EzNnlHVTJLWmxpTmcmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTMjE4NzA3NDM4MjUzNDE0MTQyNSIINzg4Mjc4MTUqBDM5NDE6ATDAA6wCyAMA2AMA4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTg1LjIzMi4yMy4xODCoBJ4BsgQMCAAQABgAIAAwADgCuAQAwAQAyAQA2gQCCAHgBADwBKeiyyWIBQGYBQCgBZXNo4v2xfi8MKoFKjQ4MDUyOTBmLTIyNjktNDcyMC1iMzMzLTg5ZWM3OGI2YjEzZn44ODN-McAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBbLWAfoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAAAAAAAAAAAQABgA4AYB8gYCCACABwGIBwCgBwGqBwwxMzIzNDcxOTY4NDm6Bw8IABAAGAAgADAAOL8GQADIB-reBdIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAHAIoIAhAA&s=b9844d7c562d70619b94fde0824a93a059aa30c9

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.254.148.196 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

547.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://lax1-ib.adnxs-simple.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Dec 2021 19:42:00 GMT
X-Proxy-Origin: 185.232.23.181; 185.232.23.181; 547.bm-nginx-loadbalancer.mgmt.lax1; adnxs-simple.com
AN-X-Request-Uuid: 35844e3a-bc73-4528-be1b-908bd6f070ea
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs-simple.com/v/s/222/ Frame 9B85 85 KB
29 KB 45ms
8ms Script
application/x-javascript 151.101.1.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs-simple.com/v/s/222/trk.js
Requested by: Host: lax1-ib.adnxs-simple.com
URL: https://lax1-ib.adnxs-simple.com/if?an_audit=0&referrer=www.threatminer.org&e=wqT_3QK4KWy4FAAAAwDWAAUBCIaK6Y0GEPHLt6KDkoOtHhj_EQF4ASo2CW--Ed2zrpE_EVVd0fdkD44_GQAAAOCjcBlAIRESBCluDSTQMQAAAIA9Crc_MLKZ-Qg4sxlA5R5IZVCnosslWJzLhQFgAGidyZwBeOreBYABAYoBA1VTRJIFBvReAZgB2AWgAVqoAQGwAQC4AQLAAQXIAQLQAQDYAQDgAQDwAQCyAgEw2AKkQ-AC6vkl6gITd3d3LnRocmVhdG1pbmVyLm9yZ_ICDAoGSEVJR0hUEgI5MPICDAoFV0lEVEgSAzcyOPICIQoGTE9BREVSEhdyZW5kZXJfcG9zdF9hZHNfdjEuaHRtbPICGAoKSUZSQU1FX0tFWRIKMTI5ODQ0NjgxOfICog8KC1BSRV9TQ1JJUFRTEpIPPHNjcmlwdD4oZnVuY3Rpb24oKXsvKgoKIENvcHlyaWdodCBUaGUgQ2xvc3VyZSBMaWJyYXJ5IEF1dGhvcnMuCiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMAoqLwp2YXIgaD10aGlzfHxzZWxmOy8qCgogU1BEWC1MaWNlbnNlLUlkZW50aWZpZXI6IEFwYWNoZS0yLjAKKi8KZnVuYwGcYCBrKGIpe2tbIiAiXShiKTtyZXR1cm4gYn0JExA9ZnVuYwEo8FIoKXt9O3ZhciBtPVJlZ0V4cCgiXmh0dHBzPzovLyhcXHd8LSkrXFwuY2RuXFwuYW1wcHJvamVjdFxcLihuZXR8b3JnKShcXD98L3wkKSIpOwpmdQlZACABWwFZCGI9aAVhDGM9W10FCSBlPW51bGw7ZG8FHxhhPWI7dHJ5BQwsZDtpZihkPSEhYSYmASQcIT1hLmxvY2EBqSAuaHJlZiliOnsBLZBrKGEuZm9vKTtkPSEwO2JyZWFrIGJ9Y2F0Y2gobCl7fWQ9ITF9AX0IZz1kGRcAZwEWEGlmKGcpBW4AZj5eADg7ZT1hLmRvY3VtZW50JiYZDCgucmVmZXJyZXJ8fAGXJH1lbHNlIGY9ZSwNy0xjLnB1c2gobmV3IHAoZnx8IiIpKQXVJGI9YS5wYXJlbnQZhgBiBf_wQH19d2hpbGUoYiYmYSE9Yik7YT0wO2ZvcihiPWMubGVuZ3RoLTE7YTw9YjsrK2EpY1thXS5kZXB0aD1iLWE7YT1oISs5HgGuNSo4YW5jZXN0b3JPcmlnaW5zbhwADWsAPR11ACkJhgwxO2I8EYpMOysrYilmPWNbYl0sZi51cmx8fCgFCC5CATp2ABRbYi0KMV0hDBgsZi5oPSEwAeMpIgBoGash1RQsITEpO2YlFiUCBGU9MgQBIDA8PWU7LS1lKSG6RD1jW2VdLCFmJiZtLnRlc3QoZwGPICkmJihmPWcpLAUOKCYmIWcuaCl7YT1nSRsAfQ1dAGUV5gQmJgHMATsEOzBBZQBkIVoIJiZlBUgBGwgpO2MFrRBxKGEsZnU-FGMuZz9jLgVlDDpjLmkBQAB9cUk0IHEoYixjKXt0aGlzLmlB1QEJCGc9YxkiAHAdIgh1cmwRJBRoPSEhYzsFLwWIJQoEfTsVWQRyKEmwiGI9bigpLGM9Yi5pbmRleE9mKCI_Iik7c2V0VGltZW91dChmedVB_URlPXZvaWQgMD09PWU_LjAxOmVBNUQhKE1hdGgucmFuZG9tKCk-ZSkJXwRhPVH7DC5jdXJBtChTY3JpcHQ7YT0oYRlKBGE_YQOgOmEpJiYiNzciPT09YS5nZXRBdHRyaWJ1dGUoImRhdGEtamMiKT9hOmRtTkAucXVlcnlTZWxlY3RvcignWw0lAD0BRBhdJyk7ZT0ihXdYOi8vcGFnZWFkMi5nb29nbGVzeW5kaWOJAwhjb20NHpAvZ2VuXzIwND9pZD1qY2EmamM9NzcmdmVyc2lvbj0iKyhhJiZhVpgAAC0NJpAiKXx8InVua25vd24iKSsiJnNhbXBsZT0iK2U7YT13aW5kb3c7IUeNljBhLm5hdmlnYXRvcilkLg4AUC51c2VyQWdlbnQsZD0vQ2hyb21lL0meIGQpJiYhL0VkZxkRHD8hMDohMTtkYZYVUTAuc2VuZEJlYWNvbj8KHWkdGBQoZSk6KGEtFUBfaW1hZ2VfcmVxdWVzdHN8fF4aABA9W10pLAGuMdwELGQ5ywRkPxEWPDpkLGQ9ZC5jcmVhdGVFbGWhATwoImltZyIpLGQuc3JjPWUsWnwAifsYZCkpfX0sMHUqXDA8PWM_Yi5zdWJzdHJpbmcoMCxjKTpifSlXDC5yZmwuggbNnYBlbmNvZGVVUklDb21wb25lbnQocigpKX07fSkuY2FsbChhJBApOwo8L-2KaPICyQIKCkVYVFJBX1RBR1MSugI8ZGl2IHN0eSHJDHBvc2nBO2Q6IGFic29sdXRlOyBsZWZ0OiAwcHg7IHRvcA0KZHZpc2liaWxpdHk6IGhpZGRlbjsiPjxpbWcgAfvimQIUYXdiaWQmBQbwhl9iPUFLQW1mLUROSGtpbU16QUFRbm1Zd0tGVTFrMnZuZlhIbE1BaGJCUDY2WW5lUm1OeDNGQ0xhZFV5ZmhjMnNfVTk3NlpHWENtMTdMQnFCb3dUVkg1YlRydEtmZkU5bmJjYzV3IiBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0iIjEaqGRpc3BsYXk6bm9uZSI-PC9kaXY-8gKaAQoMUE9TVF9TQ1JJUFRTEokBPHOFBDYIAWmZUGFkcy5nLmRvdWJsZWNsaWNrLm5ldHGfPHhiZmVfYmFja2ZpbGwuanMBZS21DVMuRwkoIHtyM3B4KCcxMjkagAkcJyk7fSkoKTs96xCcDwoQSAGeNFBPUlRfUEFSQU1TEocPkTaKlQDwfWFkZmV0Y2g_YWRrPTQxNTIwNDgwMjEmYWRzYWZlPW1lZGl1bSZjbGllbnQ9Y2EtcHViLTMwNzY4OTAwMTI3NDE0NjcmZm9ybWF0PTcyOHg5MF9hcyZpcD0xODUuMjMyLjIzLjAmb3V0cHV0PWh0bWwmdW52aWV3ZWRfcG9zaUGKIF9zdGFydD0xJqH_AHdG1AoQJnN1Yl8NggBiQYnwfXItNDk4MjQyMiZobD1kZSZhY2VpZD1NRERVNWdENVZUUUJrbUEwQVM5ak5BR1NiVFFCc1c0MEFlVnVOQUduYnpRQndtODBBUlJ3TkFFZWNEUUJYbkEwQVl0d05BRzFjRFFCM1hBMEFRNXhOQUZVY1RRQlZYRTBBV1p4TkFGNAEQLGgzRTBBYUJ4TkFHagEQLHRYRTBBZEZ4TkFIUwUQ9FwIMnhCQVV0elFRRlRjMEVCdEIxY0FqaklYQUxXOW9nQ1FmZUlBckwzaUFKNVFLb0NKMEtxQWloQ3FnSnNXNm9DZm1LcUFtZG9xZ0o2YzZvQ19uaXFBdUo3cWdMdWhxb0NqWXFxQW9DYnFnS0JtNm9DZ3B1cUFoYW5xZ0tscDZvQ29xaXFBdDZycWdJc3JLb0NISzZxQWg2dXFnS1ZyNm9DZDdDcUFubXdxZ0tBc0tvQ2dyQ3FBb213cWdLaHM2b0N0clNxQXNlMXFnSlR1cW9DcjhDcUF1ekJxZ0xXektvQ0tNMnFBakxPcWdKTnpxb0N1ODZxQXM3VHFnSk4xYW9DU2RhcUFwUFhxZ0lzMktvQ2o5aXFBajdacWdKOTJhb0NlOXFxQWg3YnFnS2EzS29DcmR5cUFrX2RxZ0lvM3FvQ050NnFBbFhlcWdKOTNxb0NvZDZxQXNiZXFnTGwzcW9Day1LcUF0VGlxZ0pqNDZvQzl1T3FBdnZrcWdLZzVhb0M0dVdxQWdmbnFnSnM2S29DM3VpcUFvN3FxZ0syNnFvQzgtdXFBa2JzcWdLVTdLb0NuLXlxQWt2dHFnSmo3YW9DUE82cUFyell0Z2Y4MTM4STBZWWpDcTNPWlE1WnRmc1NJY1g3RWdiSi14Sk96ZnNTenRIN0VydmMteEw1NWZzU0JPcjdFa3JyLXhKNzZfc1NwLXY3RWlIcy14S0E3UHNTaXV6N0VtYnQteEp5N2ZzUzRPMzdFaER3LXhKQThQc1NsbVprRS1sYjBCT2N5eHdZOTFackdrZ2ZyQnVHdlA4ald3Q1NLZGZPdFM0cEl2cEM5ai1mVEEmZXhrPTEyOTg0NDY4MTkmYXdiaWRfYz1BS0FtZi1EVXJhb243WmZOM0NqRmhmdTFkcmIxRGs5LU9scXBkSkRWT3o4Vm1iRXg1NjRLU2VWdXQ5Y3NCRTVfUWV4WjNwX01QaUR6VGhNY2cxX2l3S0c5eWczWHgtZHQxaXpzODFRbURKaE9WS0E3cExKQndfUEdPVDEtcFZodjBSV1NXTG85clBRYVgwZ1NrTUN3MmhRQVczc0E4cC1oS1EmYXdiaWRfZD1BS0FtZi1BX3FWdXQtWE15ZGtjdi1hSzJ1Nnp2R0hfeENWQkppWGptVnBkcmxsMlhCX0FyeW9SbXFFdHFXQTFIZEsyWGZQTmdzQm1TeFRVNTlxdmZRMVpDXzJfVHo5MzdZZk12UlVXN3NqT2VoZWxUaWNvN2VFdGs5aUtDMDBZbnZSYTlwRWZkdGlrZ3Q3WWlhWmtjc1VidjJOS25Hc240UkdTQ3laNGRxZDJ5LXU5YVN3UXhjZWpCOUVqNkhZa2t1ZG5lSDdzSVlidUtxZkhKako1Zl95eUwyUzZfVzZjV3cwdVN1TTZRdGYwUXVKVE9kUC02aHBaRmxlMDhxN0hNYVk1ZURYVk1LN3VaSkF6Uk44eVpDcllEWWVXdGdvTGh4NzdacTFaVVJCQjNOeUJKSjdUZ2dyY054RmtMQXBnTnZDUGhUWS1oY0JmUTZYbmZNWFpkVlpGR090YXgwT2JVTG1lV0hnZVc5WERTMThBWWx2VzA5UV9QSGY2T1NQU2NveW5sVjZxWVVGTHJwbHB4dUFFVEdzY1oybi1tYThBOWRldnZiQ3VzNGZmYlIyNFdpM0YwZmNMVVl4Z1lPbE15TExzRnlydUdyODZOYzBfdHB1UzA5WV9MUVp2bzVmalpZNmtGc0piWC1lYW9jWTdaajZ3c21IZ284bHZ6dEtPb1FIMzFOMUdTcGVzUUo4LUVzOUQ2aEZnS0RHQTZXZzZHeG14UlBCMVE4WHlWdm1QLW9DTnJyQ2s1Z1p3X2ZJVFNrZFNBZ1FRRVlDbmVMQVhQSURscW1fTndfdVBEQ0tGNU1zVFFNZW5IUkdTV2RZXzNUbFNsbUxZdno2bkt2VFlSTVVyQVhZdlctY0pTZU0wNkNiT3ZFSVhMd0lORl94UV84Tm5HY0J1UUNPNFBmXzQ3WWpDcnRVbyZjaWQ9Q0FBU0JPUm9oYmcmYV9jaWQ9gAMBiAMAkAMAmAMUoAMBqgPqAQq_AWh0dHBzOi8vcGFnZWFkMi5nb29nbGVzeW5kaWNhdGlvbi5jb20vcGFnZWFkL2dlbl8yMDQ_aWQ9YXdiaWQmYXdiaWRfYj1BS0FtZi1EQjZ1bTZlUmtaNUJnWHVEVUpTV0dzWC1hcGdKeUEtNjl0MTliVzk1dFItMGdOYlJUc2hfQnBHb1ZEUEEyVGxNNUpGVUc5czBrTmZSODNzUTM2eUdVMktabGlOZyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMyMTg3MDc0MzgyNTM0MTQxNDI1Igg3ODgyNzgxNSoEMzk0MToBMMADrALIAwDYAwDgAwDoAwD4AwOABACSBAkvb3BlbnJ0YjKYBACiBA4xODUuMjMyLjIzLjE4MKgEngGyBAwIABAAGAAgADAAOAK4BADABADIBADaBAIIAeAEAPAEp6LLJYgFAZgFAKAFlc2ji_bF-LwwqgUqNDgwNTI5MGYtMjI2OS00NzIwLWIzMzMtODllYzc4YjZiMTNmfjg4M34xwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFstYB-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBu6PAdoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEzMjM0NzE5Njg0OboHDwgAEAAYACAAMAA4vwZAAMgH6t4F0gcNCQAAAAAAAAAAEAAYANoHBggAEAAYAOAHAOoHAggA8AcAiggCEAA.&s=c9478ef3dc3cc589a6370900713131bd6526c7f9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 7b6fc69a9da277bb118dbe07973e75598ff107f8d5c69aec6a3e0f5e6884603a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://lax1-ib.adnxs-simple.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 19:42:00 GMT
Content-Encoding: gzip
Age: 118816
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 29209
X-Served-By: cache-lga13626-LGA, cache-hhn4076-HHN
Access-Control-Allow-Origin: *, *
Last-Modified: Tue, 14 Dec 2021 10:40:55 GMT
Server: AkamaiNetStorage
X-Timer: S1639597320.156567,VS0,VE0
ETag: "27a82a9a755fe85e7882d2ba1e990a11:1639478455.565772"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Via: 1.1 varnish, 1.1 varnish
Expires: Wed, 14 Dec 2022 10:41:45 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 1, 81823

GET
H3 200 render_post_ads_v1.html Show response
googleads.g.doubleclick.net/pagead/ Frame 8339 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04f5d63c75f9fabede423b3d013e6efd9a448190898a34499a4010a59014a8d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://lax1-ib.adnxs-simple.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 14 Dec 2021 19:52:10 GMT
expires: Wed, 15 Dec 2021 19:52:10 GMT
content-type: text/html; charset=UTF-8
etag: 12223946614886178233
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4980
x-xss-protection: 0
age: 85790
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9B85 73 KB
27 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8576ac4fad8d6a2eef6c1a412387cb3e7a6909b0a647f33bb0686d57d300d02e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://lax1-ib.adnxs-simple.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:42:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28114
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461277931444"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 15 Dec 2021 19:42:00 GMT

POST
H3 200 adfetch Show response
googleads.g.doubleclick.net/pagead/ Frame 8339 79 KB
30 KB 49ms
48ms XHR
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adfetch

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abf333781bf3b73eb8b09a1987d30cec37169275ebe7ccab79d322d1a8892a7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 15 Dec 2021 19:42:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30239
x-xss-protection: 0

GET
H2 200 f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ Frame 36D3 254 B
729 B 16ms
16ms Image
image/png 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Requested by: Host: www.threatminer.org
URL: https://www.threatminer.org/sample.php?q=f326e2b2eb1f84179c8d81fb31d22ea7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via: 1.1 varnish
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
age: 16103
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 254
x-amz-id-2: wX5/hI6NmMBjVNvvAWwmjYr2uq3UIe+i+rm850x1hQizku2HfhHD20c/U272HIZmbK2yrWPS4kQ=
x-served-by: cache-cdg20753-CDG
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer: S1639597320.151262,VS0,VE0
date: Wed, 15 Dec 2021 19:42:00 GMT
x-amz-request-id: QJQYQZAGN0VHXHFD
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/png
abp: 50
x-cache-hits: 28609

GET
H3 200 abg_lite.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 8339 24 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:33:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 500
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:33:40 GMT

GET
H3 200 window_focus.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 8339 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e371c9ea0fd636a3ecd29ae5e8413d144d470f77ca4bdda94b6e61ec3b980eb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:18:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1383
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
server: cafe
etag: 11377196957905752455
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:18:57 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8339 119 KB
36 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:42:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 15 Dec 2021 19:42:00 GMT

GET
H3 200 qs_click_protection.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 8339 18 KB
7 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51bbe57479b8c393497c12c8a7a3e3db77d4d60751017cbebd63ddc54a328819

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:40:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7337
x-xss-protection: 0
server: cafe
etag: 7465115486436736623
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 19:40:55 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 8339 0
0 15ms
15ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTByQ5EhVuI3xdBL2OkvoCuYuRF5Fe3flWhMtB13_rbRG0KJqiFQu7K9m2LJoSS5b7ekKzeHIjbVGTRiwT4VvOA4QqIKg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 one_click_handler_one_afma.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 8339 36 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/one_click_handler_one_afma.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

603aba830ea0e035c90c5c4a95a4f2a79de9c8f6b479a4f5e599402dedf9cdcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 17:31:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7857
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14065
x-xss-protection: 0
server: cafe
etag: 12717653882186688320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Dec 2021 17:31:03 GMT

GET
H3 200 13107921433909246920
tpc.googlesyndication.com/simgad/ Frame 8339 11 KB
11 KB 8ms
8ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13107921433909246920?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qmO9px4SK1E_18-_v6FTKFZctx2Jg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

761cb15ef5c1faf41509e8c992c8776623cd8cf69643d1bb775d6ae06be348de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 21:39:08 GMT
x-content-type-options: nosniff
age: 511372
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11054
x-xss-protection: 0
last-modified: Thu, 02 Dec 2021 19:43:17 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 09 Dec 2022 21:39:08 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 8339 0
17 B 49ms
49ms Image
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Ch62eBkW6YYOmKKfatOUPhcudmA_ctJz5Zo3TzcPyDq-2vs-IChABIOaX1iVgleKQgqAHoAHuz934AsgBAqkCT3Sk-tZ3fT6oAwHIA8kEqgTMAU_QwbFwFwLbTyNp-hwiEmrV4UviYrTc7w5L5vIV2URQUed06ID6S9K1hC2mgbI0I3NgsdfRK93p8_i3zPCcnL5yAGR-V_pA9bLiggCx45LtSBVan6oU8CLWRd7s8WkSN7iR7OoiNUjNwy46OVPDRy5M0xxS8HJWR336cP-ejnKJ9kDYXbqtRkCbzCoEr5kyFP6dtzrxBNDQnbfhwKtPjTMmNRKRzOIhOdk4mxxc6R9SEg3st8PcCljVteDXrNE2Ie1IKM-3Pe-tlDxu4cAEseuHhO0DkgUECAQYAZIFBAgFGASgBgKAB_qvoocBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHSCAcIgGEQARgA8ggOYmlkZGVyLTQ5ODI0MjKACgTICwHYEwzQFQGYFgGAFwGyFwgKBggAEgAYAA&sigh=V9GmX9kCDCg&uach_m=[UACH]&pr=10:0.017268&vis=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 15 Dec 2021 19:42:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

POST
H/1.1 200
OK vevent
lax1-ib.adnxs-simple.com/ Frame 9B85 0
688 B 187ms
187ms Ping
text/html 104.254.148.196
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://lax1-ib.adnxs-simple.com/vevent?an_audit=0&referrer=www.threatminer.org&e=wqT_3QKqBmwqAwAAAwDWAAUBCIaK6Y0GEPHLt6KDkoOtHhj_EQF4ASo2CW--Ed2zrpE_EVVd0fdkD44_GQAAAOCjcBlAIRESBCluDSTQMQAAAIA9Crc_MLKZ-Qg4sxlA5R5IZVCnosslWJzLhQFgAGidyZwBeOreBYABAYoBA1VTRJIFBvSbApgB2AWgAVqoAQOwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCyAgEw2AKkQ-AC6vkl6gITd3d3LnRocmVhdG1pbmVyLm9yZ4ADAYgDAJADAJgDFKADAaoD6gEKvwFodHRwczovL3BhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tL3BhZ2VhZC9nZW5fMjA0P2lkPWF3YmlkJmF3YmlkX2I9QUtBbWYtREI2dW02ZVJrWjVCZ1h1RFVKU1dHc1gtYXBnSnlBLTY5dDE5Ylc5NXRSLTBnTmJSVHNoX0JwR29WRFBBMlRsTTVKRlVHOXMwa05mUjgzc1EzNnlHVTJLWmxpTmcmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTMjE4NzA3NDM4MjUzNDE0MTQyNSIINzg4Mjc4MTUqBDM5NDE6ATDAA6wCyAMA2AMA4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTg1LjIzMi4yMy4xODCoBJ4BsgQMCAAQABgAIAAwADgCuAQAwAQAyAQA2gQCCAHgBADwBKeiyyWIBQGYBQCgBZXNo4v2xfi8MKoFKjQ4MDUyOTBmLTIyNjktNDcyMC1iMzMzLTg5ZWM3OGI2YjEzZn44ODN-McAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBbLWAfoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAAAAAAAAAAAQABgA4AYB8gYCCACABwGIBwCgBwGqBwwxMzIzNDcxOTY4NDm6Bw8IABAAGAAgADAAOL8GQADIB-reBdIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAHAIoIAhAA&s=b9844d7c562d70619b94fde0824a93a059aa30c9&type=nv&nvt=5&jm=1003&px=0&py=0&bw=728&bh=90&sid=1841364801417726108&vd=ct~0|rr~0&sv=222&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=18762930&sw=1600&sh=1200&pw=728&ph=90&ww=728&wh=90&ft=3

Requested by

Host: cdn.adnxs-simple.com
URL: https://cdn.adnxs-simple.com/v/s/222/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.254.148.196 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

547.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://lax1-ib.adnxs-simple.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 15 Dec 2021 19:42:00 GMT
X-Proxy-Origin: 185.232.23.181; 185.232.23.181; 547.bm-nginx-loadbalancer.mgmt.lax1; adnxs-simple.com
AN-X-Request-Uuid: 4f3f6329-b88e-4678-b96b-c0d4fa81722e
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://lax1-ib.adnxs-simple.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 8339 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d66e758b658919ee996d73241535e0b27cdc373e023c1d09466cf5bd208a77f5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 204 bulk Show response
trc.taboola.com/disqus-widget-safetylevel20longtail09/log/3/ Frame 0D52 0
90 B 44ms
44ms XHR
image/gif 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/disqus-widget-safetylevel20longtail09/log/3/bulk?tvi2=-2&route=AM%3AAM%3AV&lti=deflated&bulkSize=1
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211215-1-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.threatminer.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 12
pragma: no-cache
date: Wed, 15 Dec 2021 19:42:00 GMT
via: 1.1 varnish
server: nginx
x-timer: S1639597320.348867,VS0,VE12
x-served-by: cache-cdg20753-CDG
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.threatminer.org
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 21ms
21ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211207&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11f7da608a62904620d5561ac1f8267c6743e1657fc16a5ac10914cf4c40cbf4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 15 Dec 2021 19:42:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8592
x-xss-protection: 0

GET
H2 200 container-1.0.html Show response
resources.infolinks.com/static/ Frame 24B2 430 B
486 B 55ms
55ms Document
text/html 172.66.41.9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/static/container-1.0.html
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1769.027-3.025/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.66.41.9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42307b6e2231b2de1535854ab77c8fd201f88822e3f87ca3c4e8d3624ce65678

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/

Response headers

date: Wed, 15 Dec 2021 19:42:00 GMT
content-type: text/html; charset=UTF-8
last-modified: Wed, 17 Nov 2021 13:25:02 GMT
cache-control: max-age=2592000
expires: Fri, 14 Jan 2022 18:56:17 GMT
via: 1.1 google
cf-cache-status: HIT
age: 2743
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 6be227142fa454e1-MAN
content-encoding: gzip

GET
H3 200 U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js Show response
pagead2.googlesyndication.com/bg/ Frame FCD6 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 13:27:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 108888
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13577
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 14 Dec 2022 13:27:12 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:42:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Wed, 15 Dec 2021 19:42:00 GMT

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/ Frame 24B2
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_device_id=ba6abd92-8f3a-42cf-9215-dcbc3f26aaf5=&partner_id=3337
https://pixel.tapad.com/idsync/ex/receive/check?partner_device_id=ba6abd92-8f3a-42cf-9215-dcbc3f26aaf5=&partner_id=3337

95 B
425 B

16ms
15ms

Image
image/png

35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_device_id=ba6abd92-8f3a-42cf-9215-dcbc3f26aaf5=&partner_id=3337

Requested by

Host: resources.infolinks.com
URL: https://resources.infolinks.com/static/container-1.0.html

Protocol

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://resources.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:42:00 GMT
via: 1.1 google
content-type: image/png
alt-svc: clear
content-length: 95
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

location: https://pixel.tapad.com/idsync/ex/receive/check?partner_device_id=ba6abd92-8f3a-42cf-9215-dcbc3f26aaf5=&partner_id=3337
date: Wed, 15 Dec 2021 19:42:00 GMT
via: 1.1 google
alt-svc: clear
content-length: 0
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame FD70 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Wed, 15 Dec 2021 19:39:54 GMT
expires: Thu, 15 Dec 2022 19:39:54 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 126
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3840 783 B
537 B 19ms
18ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0673276d0726600a618df7c29d4600998a350ba65cc857ddd2019caf3aa8f012

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-JJsbvRF3VYj36WIE6hbE9Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 15 Dec 2021 19:42:00 GMT
date: Wed, 15 Dec 2021 19:42:00 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-JJsbvRF3VYj36WIE6hbE9Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 515
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js Show response
pagead2.googlesyndication.com/bg/ Frame FD70 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U_DPXy_vflqTjVU_YutWJm0axOJE633NQGMGFEhf2s0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 14 Dec 2021 13:27:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 108888
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13577
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 14 Dec 2022 13:27:12 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3840 0
0 48ms
47ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20211207&jk=464529641161210&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 200 f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ Frame 0D52 254 B
326 B 17ms
17ms Image
image/png 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via: 1.1 varnish
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
age: 16103
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 254
x-amz-id-2: wX5/hI6NmMBjVNvvAWwmjYr2uq3UIe+i+rm850x1hQizku2HfhHD20c/U272HIZmbK2yrWPS4kQ=
x-served-by: cache-cdg20753-CDG
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer: S1639597320.485014,VS0,VE0
date: Wed, 15 Dec 2021 19:42:00 GMT
x-amz-request-id: QJQYQZAGN0VHXHFD
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/png
abp: 50
x-cache-hits: 28610

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2FE9 42 B
64 B 42ms
42ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst9PD6-R7_OwmtHuS_076iavXidvG_te0NI3A5_OOR2HKxyIp1ZWHI46qrTuwBjTjlrq3cFQaOFdjkfek4JW277Tbm9S1GY65UJgdDvfqGtIj5fwviETQ&sai=AMfl-YSEZsVNvuoktOIUX2CBOCQCkLFnNEt62uVAzimKBHgZXI43iiPOACZyxQa3cMalEIy5kPy2cSCqEEz3&sig=Cg0ArKJSzHQ1sZhzFjSGEAE&id=lidar2&mcvt=1001&p=0,0,598,299&mtos=0,1001,1001,1001,1001&tos=0,1001,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=0.78&if=1&app=0&itpl=4&adk=2989800909&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639597317908&rpt=1593&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:42:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20211207&jk=464529641161210&bg=!LyylLGjNAAZKWFskSlg7ACkAdvg8WihhstwIFRlbZ5zk1oMf6AhnR4pACX6zBQto-GxOR82ct1fdXwIAAABRUgAAAApoAQeZAs_U5EbCoiK43BbxQN--sku2mAOyP0kc77l5iIYcXowm7RC3SdBQG9H1WdZE3GCUrN2ZibH3t-KXzbpw6A6sqDwd0CR21itYaZ_icL_IqsN4APW4TVnHdH5x7ehjWrQ9Jf6DP_VrSKaEQM4P1EVBYhUy4V7SX5Ztl9wRi-KPDAZDdZCWPI0EV3-HCdW1FQjn4L24lhvENN3srAgHhi749thhQcuWHVmqebotKvKPim5sV6dehOOfHAqkcTQ7bcS5w9p6DpuUB3x1g-lhgbkWr3_NYc-j9YekTz-oUfZHi8vglTvPpHkkpHsC8_DUxEXTxRCJPaVD1C7CKkMlH6L-5Zk4RA4PdOwCZimyorCYZxg1LoEMfu0SX881xnaXU72yF5VqfG0xadhk10LKh4EHqInk_EyYddsfPVWoXViM4E5wGgxL6I-0OIvrlTUzIckBoCprTZOMnfpwMIlpiiO1M5Pudan7zAJy0DzqGnUf3eKjI1sD9N1BifPhT7HeUQHwmxA9BCMeSBre5i0sY1LTX_R8qCURreK5-ud0YcxUSubKvs2qJV_USLSFGZPRPxKoLXnvssu5CJv4j4cMnRSu6iKAyLG-qNWewk0xKqSe8DpSu4G_QWFofqJt5cQ8ZT6Ge_KN1juueQxqLo2VRzmjO5esYD3cyjFLFT9wGCEbvoAGwhbJw5TMdofwMEb9T8au2ky3_uuJ1u8gfbTOksLMqptRYvTkhWw7uC52eecJWO5WMDAkfcFE5e3skWsO0BOWs1SIFGlttcSJS64XIfKjw1bwH8bWOxLy68q76tOP86tX8-AB-9GnSJOrRq_n40ZOCqdNwsjlIQ5ZD_6xC1XwnGn9lCN4Zju_kI0TJeDCsrWFzl9E5t-22AwVf6BFT8sjPvy8xw-ecqhU9CfD78Rpeb-Wv335Beb9yVgHXUTsgRdsWaWRE8O-RD-BmAP4BEVjUg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:42:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cds-pips.js Show response
cdn.taboola.com/scripts/ Frame 36D3 2 KB
1 KB 16ms
15ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/cds-pips.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211215-1-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7faef21187e15aefd3d8a5a585ca32c66358f597a97f5abd276517eaea1057d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: iYtYacMlAb7PnD4NbVgysKvLj2fov4iK
content-encoding: gzip
etag: "3aa74dbf5cd656dbb65deda2d238ddbd"
age: 1684
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 911
x-amz-id-2: OUDVdYRZGHx0wd20XCEm0Wcw772G9r3+Mi6WjhjlbbyMpvPJe2nj5UjaiDSNomwZRfPcSmqKeds=
x-served-by: cache-cdg20753-CDG
last-modified: Wed, 14 Jul 2021 05:06:01 GMT
server: AmazonS3
x-timer: S1639597321.896423,VS0,VE0
date: Wed, 15 Dec 2021 19:42:00 GMT
vary: Accept-Encoding
x-amz-request-id: DM4Y2NTG4A732PPJ
via: 1.1 varnish
cache-control: private, max-age=3600
accept-ranges: bytes
content-type: application/javascript
abp: 50
x-cache-hits: 19325

GET
H2 200 / Show response
pips.taboola.com/ Frame 36D3 64 B
243 B 68ms
22ms XHR
text/plain 2a04:4e42:200::300
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pips.taboola.com/
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: a9a859503c4b5acf57c7fa2ed95ad1e5a46a0a577f5d1ecaf88e3251773eb7ec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:42:00 GMT
via: 1.1 varnish
server: Varnish
x-served-by: cache-mxp6964-MXP
access-control-allow-methods: GET
access-control-allow-origin: https://www.threatminer.org
cache-control: no-store
x-cache: HIT
accept-ranges: bytes
content-length: 64
retry-after: 0
x-cache-hits: 0

GET
H/1.1 204
No Content / Show response
cds.taboola.com/ Frame 36D3 0
155 B 282ms
92ms XHR
text/plain 141.226.224.32
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.taboola.com/?uid=5b0d2eac-f762-40d4-b014-92a8157343f8-tuct8b3ca86&uad=47fa18d6d5094a41a87949f6ab4b5ebedc5b4b776ef56255ddcf8ff81a8c352b
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.32 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 15 Dec 2021 19:42:01 GMT
Cache-Control: no-store
Server: nginx
Connection: close

POST
H/1.1 200
OK vevent
lax1-ib.adnxs-simple.com/ Frame 9B85 0
688 B 178ms
177ms Ping
text/html 104.254.148.196
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://lax1-ib.adnxs-simple.com/vevent?an_audit=0&referrer=www.threatminer.org&e=wqT_3QKqBmwqAwAAAwDWAAUBCIaK6Y0GEPHLt6KDkoOtHhj_EQF4ASo2CW--Ed2zrpE_EVVd0fdkD44_GQAAAOCjcBlAIRESBCluDSTQMQAAAIA9Crc_MLKZ-Qg4sxlA5R5IZVCnosslWJzLhQFgAGidyZwBeOreBYABAYoBA1VTRJIFBvSbApgB2AWgAVqoAQOwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCyAgEw2AKkQ-AC6vkl6gITd3d3LnRocmVhdG1pbmVyLm9yZ4ADAYgDAJADAJgDFKADAaoD6gEKvwFodHRwczovL3BhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tL3BhZ2VhZC9nZW5fMjA0P2lkPWF3YmlkJmF3YmlkX2I9QUtBbWYtREI2dW02ZVJrWjVCZ1h1RFVKU1dHc1gtYXBnSnlBLTY5dDE5Ylc5NXRSLTBnTmJSVHNoX0JwR29WRFBBMlRsTTVKRlVHOXMwa05mUjgzc1EzNnlHVTJLWmxpTmcmcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTMjE4NzA3NDM4MjUzNDE0MTQyNSIINzg4Mjc4MTUqBDM5NDE6ATDAA6wCyAMA2AMA4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTg1LjIzMi4yMy4xODCoBJ4BsgQMCAAQABgAIAAwADgCuAQAwAQAyAQA2gQCCAHgBADwBKeiyyWIBQGYBQCgBZXNo4v2xfi8MKoFKjQ4MDUyOTBmLTIyNjktNDcyMC1iMzMzLTg5ZWM3OGI2YjEzZn44ODN-McAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBbLWAfoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAAAAAAAAAAAQABgA4AYB8gYCCACABwGIBwCgBwGqBwwxMzIzNDcxOTY4NDm6Bw8IABAAGAAgADAAOL8GQADIB-reBdIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAHAIoIAhAA&s=b9844d7c562d70619b94fde0824a93a059aa30c9&type=pv&jm=1003&px=0&py=0&bw=728&bh=90&sf=0.98&sid=1841364801417726108&vd=ct~0|rr~5&sv=222&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=18762930&ft=3

Requested by

Host: cdn.adnxs-simple.com
URL: https://cdn.adnxs-simple.com/v/s/222/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.254.148.196 Los Angeles, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

547.bm-nginx-loadbalancer.mgmt.lax1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://lax1-ib.adnxs-simple.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 15 Dec 2021 19:42:01 GMT
X-Proxy-Origin: 185.232.23.181; 185.232.23.181; 547.bm-nginx-loadbalancer.mgmt.lax1; adnxs-simple.com
AN-X-Request-Uuid: b746a3ef-5253-46e4-88f3-4ba3632e465d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://lax1-ib.adnxs-simple.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cds-pips.js Show response
cdn.taboola.com/scripts/ Frame 0D52 2 KB
1 KB 19ms
19ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/cds-pips.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20211215-1-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7faef21187e15aefd3d8a5a585ca32c66358f597a97f5abd276517eaea1057d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: iYtYacMlAb7PnD4NbVgysKvLj2fov4iK
content-encoding: gzip
etag: "3aa74dbf5cd656dbb65deda2d238ddbd"
age: 1684
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 911
x-amz-id-2: OUDVdYRZGHx0wd20XCEm0Wcw772G9r3+Mi6WjhjlbbyMpvPJe2nj5UjaiDSNomwZRfPcSmqKeds=
x-served-by: cache-cdg20753-CDG
last-modified: Wed, 14 Jul 2021 05:06:01 GMT
server: AmazonS3
x-timer: S1639597321.306829,VS0,VE0
date: Wed, 15 Dec 2021 19:42:01 GMT
vary: Accept-Encoding
x-amz-request-id: DM4Y2NTG4A732PPJ
via: 1.1 varnish
cache-control: private, max-age=3600
accept-ranges: bytes
content-type: application/javascript
abp: 50
x-cache-hits: 19329

GET
H2 200 / Show response
pips.taboola.com/ Frame 0D52 64 B
122 B 18ms
18ms XHR
text/plain 2a04:4e42:200::300
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pips.taboola.com/
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: a9a859503c4b5acf57c7fa2ed95ad1e5a46a0a577f5d1ecaf88e3251773eb7ec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 15 Dec 2021 19:42:01 GMT
via: 1.1 varnish
server: Varnish
x-served-by: cache-mxp6964-MXP
access-control-allow-methods: GET
access-control-allow-origin: https://www.threatminer.org
cache-control: no-store
x-cache: HIT
accept-ranges: bytes
content-length: 64
retry-after: 0
x-cache-hits: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8339 42 B
64 B 43ms
43ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstJX91pUevDyCuHd_9Pk6y5VGvve5toHelerD6nN-FFsFqA3UP765Qcfczz_4sYs81HxvjGlebjNw1v2OAAEPGTKuUKH1IhGubgRMGBnDvNxyp_fy0&sig=Cg0ArKJSzHVFEnOQYpT4EAE&cid=CAASFeRolTTI9bFmthDvk1rz-mIwbMwgKA&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=4&adk=4152048021&exk=1298446819&rs=5&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639597320117&rpt=196&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Dec 2021 19:42:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content / Show response
cds.taboola.com/ Frame 0D52 0
155 B 261ms
90ms XHR
text/plain 141.226.224.32
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.taboola.com/?uid=e9c935c0-cb37-453a-8af2-fa9f019e216c-tuct8b3ca86&uad=47fa18d6d5094a41a87949f6ab4b5ebedc5b4b776ef56255ddcf8ff81a8c352b
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.32 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.threatminer.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 15 Dec 2021 19:42:01 GMT
Cache-Control: no-store
Server: nginx
Connection: close

Verdicts & Comments Add Verdict or Comment

140 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

53 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.threatminer.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: ab75au89fu7itcfp7d20g7qh06
.threatminer.org/	1970-01-20 16:57:49	Name: _ga Value: GA1.2.312059641.1639597318
.threatminer.org/	1970-01-19 23:28:03	Name: _gid Value: GA1.2.1650966313.1639597318
.threatminer.org/	1970-01-19 23:26:37	Name: _gat Value: 1
www.threatminer.org/	1969-12-31 23:59:59	Name: logglytrackingsession Value: 024673ce-aa35-4d11-976a-ade146684eaa
.threatminer.org/	1970-01-20 08:48:13	Name: __gads Value: ID=e4c9cb27a2dbe5d5-2233352e07cd004b:T=1639597317:RT=1639597317:S=ALNI_MY8p5BVu3i4J8z4a6SLzdPQOlfcng
.infolinks.com/	1970-01-20 16:57:49	Name: cuid Value: ba6abd92-8f3a-42cf-9215-dcbc3f26aaf5
.yahoo.com/	1970-01-20 08:12:34	Name: A3 Value: d=AQABBAZFumECEB4YjwD4UOZ3CgIWBUhCoJMFEgEBAQGWu2HEYQAAAAAA_eMAAA&S=AQAAAt1ege9mQgWfbkrTqtYboPA
.advertising.com/	1970-01-20 08:13:39	Name: APID Value: UP10c1a996-5ddf-11ec-b000-06281abbc740
.pubmatic.com/	1970-01-19 23:28:03	Name: KTPCACOOKIE Value: YES
.adnxs.com/	1970-01-20 01:36:13	Name: uuid2 Value: 2413019295569767372
.casalemedia.com/	1970-01-20 08:12:13	Name: CMID Value: YbpFBnjRA1f5aOYiU-nSZQAA
.casalemedia.com/	1970-01-20 01:36:13	Name: CMPS Value: 5203
.analytics.yahoo.com/	1970-01-20 08:13:39	Name: IDSYNC Value: "192u~223v:18xp~223v"
.yahoo.com/	1970-01-19 23:49:55	Name: APID Value: UP10c1a996-5ddf-11ec-b000-06281abbc740
.yahoo.com/	1970-01-19 23:28:03	Name: APIDTS Value: 1639597318
.scorecardresearch.com/	1970-01-20 16:43:25	Name: UID Value: 1WGVMUKDNRL0LRTIGDTAILg1639597318
.pubmatic.com/	1970-01-20 01:36:13	Name: SyncRTB3 Value: 1640736000%3A220
.pubmatic.com/	1970-01-20 01:36:13	Name: KADUSERCOOKIE Value: 350B1A48-4414-4774-8D59-C8B150B17940
.casalemedia.com/	1970-01-20 01:36:13	Name: CMPRO Value: 1149
.casalemedia.com/	1970-01-19 23:28:03	Name: CMST Value: YbpFBmG6RQYA
.google.com/	1970-01-20 03:50:08	Name: NID Value: 511=Op6LwgFRoUbe214lJLD-4jz5GehuMcutYZZvn5gqc2a9Ur9ptDYfZlvJWdVkNCcFuYBVHUDpmkLUw09FkclWbPq75cFArfL8pAeLDZX-ku_JhQjkLWGU03YpUHHWusu3eX1zVIncQ2tEtZjOI-wqdwsolYCxe-qLPwjwyw3mY_U
.lijit.com/	1970-01-20 08:12:13	Name: ljt_reader Value: ecc012d606eaa40321784a67
.infolinks.com/	1970-01-19 23:28:03	Name: VRUSERCOOKIE Value: y-oGTjEylE2uGNgfncCN6HPnmoyat.0yaYWfFmqt0-~A
.cpx.to/	1970-01-20 08:12:13	Name: cpSess Value: 789f3047c7ae8bc3
.cpx.to/	1970-01-20 08:12:13	Name: dsp_app_nexus Value: 2775319518693246399#1639597318334
.infolinks.com/	1970-01-20 01:36:13	Name: ANUSERCOOKIE Value: 2413019295569767372
.infolinks.com/	1970-01-19 23:28:03	Name: OUTHUSERCOOKIE Value: y-ihqGBP1E2uHmmQf0bwyBBtb_jpsz8XQi~A~UP10c1a996-5ddf-11ec-b000-06281abbc740
.doubleclick.net/	1970-01-20 08:48:13	Name: IDE Value: AHWqTUlko1WrXJKDR7Qd3UoLfKibBclxPTTwJAwt4VAkfqz4xILDcX1JObZ7OVy4UoA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjU0MDcxNrYwMjIwszQ1NTGwtBDiM9RNLvWPrIz0NrQwTMkHAPgOJzklAAAA
.rfihub.com/	1970-01-20 08:48:13	Name: eud Value: H4sIAAAAAAAAAFslzmtoZmxpamlubGhhYmQMABi-1PYQAAAA
.rfihub.com/	1970-01-20 08:48:13	Name: rud Value: H4sIAAAAAAAAAOMSNjU0MDcxNrYwMjIwszQ1NTGwtBDiM9RNLvWPrIz0NrQwTMmX4jU0M7Y0tTQ3NrQwMTIGACtah4U0AAAA
.pubmatic.com/	1970-01-20 01:36:13	Name: PUBMDCID Value: 3
.owneriq.net/	1970-01-20 16:57:49	Name: si Value: Q6928837181518736253
.owneriq.net/	1970-01-19 23:41:01	Name: p2 Value: cc
.turn.com/	1970-01-20 03:45:49	Name: uid Value: 3623615811744744614
.infolinks.com/	1970-01-19 23:28:03	Name: R1USERCOOKIE Value: OPTOUT
.infolinks.com/	1970-01-19 23:28:03	Name: IXUSERCOOKIE Value: YbpFBnjRA1f5aOYiU-nSZQAA&1149
.pubmatic.com/	1970-01-19 23:28:03	Name: pi Value: 156872:3
.pubmatic.com/	1970-01-20 01:36:13	Name: chkChromeAb67Sec Value: 3
.casalemedia.com/	1970-01-20 08:12:13	Name: CMRUM3 Value: ee61ba45062760&4961ba450605a0&e661ba45062760&2d61ba45062760CAESEESecXhdeVmr1yXKtY3fzG8&0461ba450627603623615811744744614&1f61ba450605a00&f161ba450605a0&2761ba45060b40
.infolinks.com/	1970-01-19 23:28:03	Name: SOVRNUSERCOOKIE Value: ecc012d606eaa40321784a67
.infolinks.com/	1970-01-19 23:28:03	Name: KADUSERCOOKIE Value: 350B1A48-4414-4774-8D59-C8B150B17940~1639597404990
.infolinks.com/	1970-01-19 23:28:03	Name: ZTUSERCOOKIE Value: 5107433822069554098
.infolinks.com/	1970-01-19 23:28:03	Name: PUBMUSERCOOKIE Value: 350B1A48-4414-4774-8D59-C8B150B17940
.threatminer.org/	1970-01-20 08:12:13	Name: fc Value: %7B%22ODgzfjM5NDFfNzg4Mjc4MTV-Nzg4Mjc4MTU%22%3A%221%3A1639597319089%22%7D
.threatminer.org/	1970-01-20 08:12:13	Name: pv Value: %7B%22d%22%3A%221%3A1639597319090%22%7D
.doubleclick.net/	1970-01-19 23:26:40	Name: DSID Value: NO_DATA
.infolinks.com/	1970-01-19 23:27:21	Name: tv Value: \|ODgzfjM5NDFfNzg4Mjc4MTV-Nzg4Mjc4MTU~1
www.threatminer.org/	1970-01-20 08:12:13	Name: trc_cookie_storage Value: taboola%2520global%253Auser-id%3De9c935c0-cb37-453a-8af2-fa9f019e216c-tuct8b3ca86
.tapad.com/	1970-01-20 00:53:01	Name: TapAd_TS Value: 1639597320424
.tapad.com/	1970-01-20 00:53:01	Name: TapAd_DID Value: a884e34f-be67-4256-b261-520960d13a51
.tapad.com/	1970-01-20 00:53:01	Name: TapAd_3WAY_SYNCS Value:

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://idsync.rlcdn.com/461886.gif?partner_uid=YbpFBnjRA1f5aOYiU-nSZQAA%261149&&gdpr_consent=&gdpr=1 Message: Failed to load resource: the server responded with a status of 400 ()
security	error	URL: https://googleads.g.doubleclick.net/pagead/html/r20211207/r20110914/zrt_lookup.html?fsb=1(Line 22) Message: The Content Security Policy 'child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10609010985198416840/728x90.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10609010985198416840/728x90.html' was delivered via a <meta> element outside the document's <head>, which is disallowed. The policy has been ignored.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

15.taboola.com
a.disquscdn.com
abs.twimg.com
acdn.adnxs-simple.com
ad.turn.com
adservice.google.com
adservice.google.de
ap.lijit.com
b1sync.zemanta.com
c.disquscdn.com
cdn.adnxs-simple.com
cdn.syndication.twimg.com
cdn.taboola.com
cdn.viglink.com
cds.taboola.com
clients1.google.com
cm.g.doubleclick.net
cse.google.com
de.tynt.com
disqus.com
dsp.adkernel.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
i.clean.gg
i.creativecommons.org
ib.adnxs.com
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image8.pubmatic.com
images.taboola.com
imasdk.googleapis.com
lax1-ib.adnxs-simple.com
licensebuttons.net
links.services.disqus.com
match.adsrvr.org
match.bnmla.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pbs.twimg.com
pips.taboola.com
pixel.advertising.com
pixel.tapad.com
platform.twitter.com
pr-bh.ybp.yahoo.com
px.owneriq.net
referrer.disqus.com
resources.infolinks.com
router.infolinks.com
rt3025.infolinks.com
s.amazon-adsystem.com
s.cpx.to
s0.2mdn.net
sb.scorecardresearch.com
ssc-cms.33across.com
ssum-sec.casalemedia.com
sync.1rx.io
sync.go.sonobi.com
syndication.twitter.com
tempest.services.disqus.com
threatminer.disqus.com
ton.twimg.com
tpc.googlesyndication.com
track.seadform.net
trc.taboola.com
u.openx.net
ups.analytics.yahoo.com
vidstat.taboola.com
www.google-analytics.com
www.google.com
www.googleapis.com
www.googletagservices.com
www.gstatic.com
www.threatminer.org
104.111.242.53
104.244.42.72
104.254.148.196
13.32.121.72
141.226.224.32
142.250.185.66
151.101.1.108
151.101.1.44
151.101.64.134
172.66.41.9
174.137.133.49
178.162.133.149
18.156.0.31
185.33.221.88
185.64.190.79
185.64.190.80
193.0.160.129
198.47.127.20
199.232.192.134
199.232.192.64
199.232.194.49
199.232.196.134
199.232.196.64
2.18.232.130
2.18.234.21
2001:678:cb4:bbbb::11
209.54.180.144
213.19.147.45
216.52.2.19
216.58.212.130
2600:9000:2240:9000:6:8656:f5c0:93a1
2606:2800:134:fa2:1627:1fe:edb:1665
2606:2800:233:7ee2:97c:ab4c:6c70:be36
2606:2800:233:8173:898f:63b3:95c3:79d2
2606:2800:234:59:254c:406:2366:268c
2606:4700:10::6814:9710
2606:4700:20::681a:5d6
2606:4700:20::681a:eeb
2606:4700::6810:a40d
2a00:1450:4001:801::2002
2a00:1450:4001:803::200a
2a00:1450:4001:80e::200e
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2003
2a00:1450:4001:811::2002
2a00:1450:4001:812::2006
2a00:1450:4001:828::2002
2a00:1450:4001:828::200a
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2001
2a00:1450:4001:830::2002
2a00:1450:4001:831::2004
2a00:1450:4001:831::200a
2a04:4e42:200::300
2a05:d018:d29:3601:58ff:414:f08:16d6
34.95.69.49
35.227.248.159
35.244.159.8
35.244.174.68
37.157.5.142
38.27.122.126
51.89.9.252
52.223.40.198
52.59.53.221
54.77.45.99
64.74.236.63
67.202.105.22
67.202.105.33
00db1163ca6054f2a8496a8613addd64991e27eedc8a136ca3e1f9dc04e894f8
01b1844125589a15317239014be029ba024bc0d6e059222bc99bd913a82ecb88
02bb1965d8a1debcb265725fa1972fca9d672b50c166fadece2890a37caecd9c
0376879a45be95f1d718c2a90d0b35986973e87d6f4c790b4c7046343464b72a
04f5d63c75f9fabede423b3d013e6efd9a448190898a34499a4010a59014a8d2
058b7f33a61ef0de50995d1e74f6d171f0923c3305824a47bf588c6c4cf2fd8a
0673276d0726600a618df7c29d4600998a350ba65cc857ddd2019caf3aa8f012
07697773cb80657614cc2f54daa9b5a6b222d95e912815db4c46b23375be6b9b
07a081c6a38ab09a0163aecaaf77713ffae6e09d06ba1a112efef22e01857ddc
0a5c8d565ff2094a383ec715b87bc2a787d1913906358159751b7f232c9238c4
0df35dc4906a0b5425ab3e2dd3e7b4aee3c01734f8966c3f38aade193df6bbca
0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1
106f36a58408c097b1febcc9f0fe8fdf3dc79fb29b120f06e2172dcc1ac0c921
11f7da608a62904620d5561ac1f8267c6743e1657fc16a5ac10914cf4c40cbf4
123e48d83601dbe7d038ad48a45e6fa1a6be410246d0e8a6e18786850128b3ad
13da23e323658067823edcbc9f6033522a57cbe4325eb72470ab93f6c77f5c38
14053ecb671ff488b7b8228571991f0bce2b091cdb3209415575029d76bd56c4
152bfeba2aa31c3dc60e5434b7e842a11b7fdc5499551a813d1586a4f13f1229
15af21e2984025e0542521d6b6ad54a846b8fe403d1f0c33c2ce9681a96ff22b
162523b35a7ab39f1e12b85b48dc5dc53d51b867c4ac7490a6e1851f72f59b61
166546432362a275af899542d876583bb41224b2c13cdf399bb1871edff5c5ab
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
1bce557c722eab56c14620a4f07505a476194a829bfb6887fbad11e670bf6c78
1bcefc6d6ee694c516246a71b2dc1ccb8e817a9a19e728473a8cc7b60afb89b4
1bea73194f11df459501fbb414a944fc876c62dc2a7b22ebd481d457e07f5cee
1d656833adb546296b5298bb691a03aeb1935e8faa68ae6fddd5033ac58a5d2b
1de1b94f2eb27f99f30e3a3afdfc9db5333cca95520d2342b73ee5db60fd8bae
1f42b6c9dab0b73174621c0daba5d82d4f2d841fed05a3784952e660b13fb78b
2189f9b418cf08f45330688d733153676a039a30f6f9f287f018a99b0b2fb0a6
21f7d05d1d6625dccdc8b86346e612e8f93ef39bd0562b4f72bcea8349a282f6
236925aee8cac5f8331d085a0dee2ff840ff052aa946cd84fd3f02d83349f22c
24f164db30f201dfea047e885e44e77a310f64af80264642cddf21c22c395e5c
26b81709cead177af8db90f5fc54e4e4614959f95be887b2ee0b3fa074afadf6
28350b1ee2c38c7a5eb134d520dedd01ab578d81c2ebe814e63e5d212c6ab1f1
28a8376313a88fc6972a455f1e81a766f8ecd6d7ed41108f9c4a0d851486addc
2b0789c3ab7df1f2580e95bb47eb5bb6dc19b4fc5a91b1f1ae1d9484dab534a9
2cc36b7e19b912c6d09739d2c3edbbb05a272be96736ae9fb0b0a70c2a331d48
2ccdc901f6b4db7fecff0e6ba92996377dc9c64e3e86d50b0e0f3856b58ad363
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
334bd658746df17eac7c2502d809b71128f584df89c15cd3b6e8cf8048b6445e
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
3ab0a74bbd399efdf7c9c9bffb689f0a755fc7131d5af04c8393d45f5163a69b
3ac3e497642683f86a118c44f37e493e20e8e40c7577d0c244a71700cf45cc21
3b3a78ab0004b3c7d8e3b60846867da3f466a3dec5e9e9f2d7e5c781b782d5e1
3d56f2bc68d9d190a05df1dc24bd2653eaff3c20660fa4e8b4fda71ebd8ada64
3d960434d20fce0cccb3e322162f4be302f45f67e3f7498a8792ba5a8b356ec3
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fb03c5889929639808be7ec57fdcac0a13e2bc5de31ac48723aeca4c2ff246e
42307b6e2231b2de1535854ab77c8fd201f88822e3f87ca3c4e8d3624ce65678
42894f3ad5731f9b4a4a3351452f09189a1e691009ceab6a19275de45e9304cc
45b3ffadbc785de6091fa798527891eb7264e4d115e3c1a37acb60e3d70d4966
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4a2266339c6f702080a356cb4823f95f42dfb25eb49dc3b5f6d56711761379a6
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4d958aa0fe56b2c9ef407522721c72a3f0ac4f0ae063a2e2d05c134b7a79fa85
4dc8736a1f88ba8b83372678be7d33ec790a58f91125c1794c65219d533e891a
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e4062a806daf9883e01ed7c06b8a6b281ebf6cede0711be10360996d10c39c3
51bbe57479b8c393497c12c8a7a3e3db77d4d60751017cbebd63ddc54a328819
53f0cf5f2fef7e5a938d553f62eb56266d1ac4e244eb7dcd40630614485fdacd
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
558e624c6b2b348a585985d9204bf4c76539d9b66a40f9fb0c6c23d341f5468b
55928bddbc936b71bb314de67ba3d00991412774fb24b247244bc6c952e64464
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e
5a7b3090bd9f8835e6add21f9c4e519a19af8fcedb40d3e9488d0e5e23a2fe36
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c9a2391ae6ce4ce0aff0ee463999ede2990b2fac59d002fb8fef9cb5beada82
5d00b737b3ef9c46f56f4a68ec22d07f7abce4ac9a745d488288f259707a7763
5deb2f01b607d9f2177125509564fab61d597545d601b46607c0974d0ac89260
603aba830ea0e035c90c5c4a95a4f2a79de9c8f6b479a4f5e599402dedf9cdcb
605eefd6f113ffc50e197d237861a4fbfefc52a781370ed5ad047e2e32632091
60adb5d029ec8a5d4613d7d57ff8a799c43caae1d1d1c2e5c230d65850fd5273
610a427b4b6da16af92fa70bc4ebc4bc85ab2fbfc59bfea7d01a58e78412c88a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
647fed7e93f0cbf9b2195f2d248f6176cb56ee644c5860111f467139c4d970dd
65d0e7ce2c3819ea241df43cc01d47010bcb09bf0466695b2d5ee6da75f91763
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
692899320924303013f3d186ac0ca5e91e2c215a892c03bf2c80d7755af35244
697c41fffac431521f2db48c7426ac23b972b6eb7b1242f0bb47d6079884d3a4
6af63c5cdfecc2a05ec551afa4c95627062cc404712e91ac85c28c2aeaff2fc2
6ee9558dd324e8fbd50417903c8cb1f5b37b6798310a8514c0c46de35f6b623d
70f157c3fb7e1d05c83d4f8f269d9c6b67203e37863329eefc5202b97af308cc
726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3
7380e2fca7db8798958b96800dc6a99406e47da91552e89f46cc3bed51383b90
7412205e80b068ac2a5bea19ef9686ece2d7b2ac3a724bd80150268a187b4ebf
74d986f56c5ee88c038417c10d626e8e6ba182100c06a603c7c296cd69da328f
75cea92866f73ed3145621879aa0e0af7dd382c42628cafa3d7545db34c9c9c6
761cb15ef5c1faf41509e8c992c8776623cd8cf69643d1bb775d6ae06be348de
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d
78bd525dc317d47424279fbc7165201537c4bfe4c94c7f7c209a0685b6af281f
7a54149354f8872db43e65d8bc5c53087da5717af16e2f217e4fdff30d2f396d
7b6fc69a9da277bb118dbe07973e75598ff107f8d5c69aec6a3e0f5e6884603a
7be5f63793eef79dfde6edc1d8e29918e831ac49766cdc8f03960efd1550fa74
7c622600140a1df451547bbbfb31b4703c0ef3a27562a31e339f0150ffe606aa
7e2dc39e86bae5866c25bab3d804efeab166246ffbe522f159dd6ad7507de9b2
7faef21187e15aefd3d8a5a585ca32c66358f597a97f5abd276517eaea1057d3
8061c17ad6d7b8805745d8f136437acc8abe498fed1a01cec4d142b55def3c55
8123acba7d6b7e97526e8e5f2efe210c231de8501e443ac3251e2f1c541f09d4
8576ac4fad8d6a2eef6c1a412387cb3e7a6909b0a647f33bb0686d57d300d02e
868295bb1ecfe7de3f367b2836344af8ca73478c6b5fa70591572fb29c50eda9
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
888bc5618973079f4a157c8c94b0afe382e7e957306429c5880e032c83fb8e0c
88d58bb46e06562cfca08164528f2cb5fe2787e6128999357d8945a73dfff419
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a322ede0b619b9051fccbe2a1a31f402f416d45f92c245aafcbe75e42f6f2b2
8aeaf60f6f34ced8ed9c83b249bdfc8544cc8f318294074898e6ced1d04e678c
8b2553416435397af6366dab4408c3ba8b4508d67cbde843237956ce553c707f
8c28f43c738eebf695e54215e8bd2c7a15e7d357b74c14b46b6b98ee296814af
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d972e761cb8263d1fb42c33e710975c1679ee2eba516e8ca6f2302b10cbc0cb
8ed69fe012de9255a0662c46691693c154011e9042e1adf56759921a1f4a38e9
8f4d3b47b47a8a31163dad5d7fb15e27a0056d07b0c34c6089fd9225664e847c
90214d135602962e47ea9587a7eeb62fac1c64a541e373ea76e2b4e8b33e3f88
91b4ac439a88193b25a302f46fc9a2b0c5455ca4b1f30b7406a541fbc6201200
91ccad943b75171869dacbe5c42de58887b92a1d9fbc567651ade87e7193984d
934abde684325043e16edeffd73752cd5f0ab00b5723d8e47a618ce3f16a3799
93f3d1d5607792c347bdea9551f2ed80d56ceeaa90238657851d6402abadc7fa
94876041a90553ced36086c2aef6cab321b6e11e7823d600d19826b43b85e9e9
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
97719c71e44494e537beba8d51c6bb268a34dcd867fdefc431229225ca734b46
987f51b2adf58821c632ff5c96ffaf4c66568002dd5281bebbca05b57cba87ca
9926a0d226b45faff8db829a1c445f33efa6522e213fafed1000365d5abf73df
999a740fc678f340320d75cf6083acc26c1d005b81d6819cc3af4598b328d503
9c01d2e694ddf5266ab0ab9935980eac79b704e85ac4eada81af92b7da92e705
9cff0359137fc419fd2612e9e813c2f61cc9dd1b915d0c7bb650e8f0ff9e5710
9e09d646e35ace5492044aa3206e8b5e19b1beaf4f1ffdacd617133a205776aa
9efb3d5e1b082a66bd94908b42afb4cf6fe0e8eb8f50b8d2a18f6a5da03e6a18
9f05592df6a80686d7216adbbc60dd18c978741182ed9e09a863de7374931f0e
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee
a22c79a87c6c6b7aea7abef028487a161f1a9fae0a624bc946019100c3d151cc
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a351fd92e5702efce917edb3a5fa5e15b0c2c01b05c72004d183ea3cd0ac8cc4
a3de69e6337341b2a3b5dd38bf67b518ae04536f4094700c77f1d0718fd34578
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a549034009f79ead18a2154a8b730d8acb61e2f36c0434c0f9cff0f73df5d8cf
a804d039c3e5a8ce2adf20de56ee26ecf54f07c0a6a1c2c677b9d971580745f5
a905062b971bfb70ba70dda1a454d9cb7f7389be7ff515f6eb9009c8e697a34b
a98187a68b2512ba8073f68fb559db3b672ad9a36459d74af942d8bb4ed3278f
a9a859503c4b5acf57c7fa2ed95ad1e5a46a0a577f5d1ecaf88e3251773eb7ec
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
abf333781bf3b73eb8b09a1987d30cec37169275ebe7ccab79d322d1a8892a7a
ac74cddb007ace18442f5111c4c23125de6031dca42bcead5ea5bfb12d2ca332
add3f714af0d16f350b850d0b281a64aaba19f3dc4b35a2917cc448deb6cc1df
afdc1b67c3c000a42c7d4ecbd98f95ac6e712e1b5039b0e8d89844b97a028685
b138f0b28fe44581bebb03d0ff7046e4f8416deeb5d152ede640eaa3dc1c7872
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b16ea4304c2004d6ed4c550a69479c104682e56fe8e98368456e251ea06e944e
b374ecea628d6b29dd3ef9369b146bd4e3de07e218310835f7afb9fd85df1572
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
b4f31178f3fe6003e606295047fdb9be890c6a9c6c8594576435f86975af582f
b5b5ac05e504c27acdc9053687d1b47858ea17971559b922fe52682fc9184baf
ba5de2dd01708185a0cf0204bee10541293279f7ed8589422e930caab1c18d5d
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bc7731959f24eb86dc0127adfa88c91e71d68b5a0c958dae09aab1b34438256c
bcaef35a4b2497b99ab57024641c675fdceaa2b13d423a044c7171206d1a5725
bdb581fa06f3f03a95aabe175a9d30c381faaf15cc34c35a0ff4c5cc13c45f48
bdf5181c852e0b65e1f2fc47c0ed65d67785469ef79d3e429f53c917e95e12fe
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
bf8848ca9bb905744e9e472f9cce6f6a63a4453c80ce08440b9b91f27c55a684
bfb28d10aca387e17862bad9d67e7fea3669798710dac1e747b2222f92db6e6e
c006f68802d02eafe119beb4091fad20812eb254386c62059b74bc104a23e37b
c1ed78981cabba1b9ff75784aab3fd68ec96c05e33cdcffd00b72455e97d1159
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c252a58367211c11d839155e50dc5e98551826c64b8d2e8d6267124c054ceae0
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
c54340af80e1caef7e5fa1f8b7a31d771262abc6dfa67ae79e9ebe0985c6f09b
c692f0d15d92d902c12d745947ba1f892a76bbf3f74c6f3a9f590afd0653ee04
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
c7d55fb721c0a1bb591d30b6e06f7781fbd13ab200a8aef0fa8df62e455bc0b1
c8608afd205f591ed8e56ade592dae129c7836fdb91d1259868f0645fea9ca6a
c99361c0d8561c7d88a237009bac83ecc149fe6f1f91c52dde79b7841b584c40
ca0a9838b2f871fb9c22e4fdec2262e0331e8dab389f82644ffdd0bd865a1e85
cc17132607c3219dcf8b3e53f1e184b67eea8a0227eeb9883ed97efd35c6b5b3
cc387fc9c925ca2edcb9d674ad84b70dfcfc40661d264afeb13513d693dd3ceb
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cce577471c2586f3e0c2518fff84a970d33f61491fb8c629341b86f238cf07c0
cd985f03c9f87649112b373b06ac45d718c00afe0d4e40c3c6fded0c077190bb
cec328dda453d77d1824c45585eaae7347667268a866026acee8d13400958706
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf919e6fbfbf62a4f8cfaab4cf5c5f80e7c10be2bc9f7e4c70142175c0b49b4f
d44ceec8bba88323fa0fdc3d0a6793b6f1e0c31d465be241d2142abd9ae36e50
d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d66e758b658919ee996d73241535e0b27cdc373e023c1d09466cf5bd208a77f5
d853164105815c3ea423a95f095ee531f547ff1e12fba56a80be0f712c62929e
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
de8383d06a56f08749ed99ad3d43911fe88072a79e9148e2d1dead390f64893f
e0dc574fb2b266dba913861d60b0c69d1e41f0fd095a3341a45f26401cd8b6b3
e0ec954ff48bfab4e4f6853c18863074629e1b242a2a6e62691dfbb778073beb
e0ed4b80efbb81a92a82a727735aa23cd0e64ba7f8fe99507b31154f3042b9ba
e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442
e289900ed2e3fe1dd0519eafdd991aca46ae95154232ab83e4effd1d9b647139
e2be708683c7b866e3afe46e6f96c57144b94f060c434cb5f5313a905503931d
e371c9ea0fd636a3ecd29ae5e8413d144d470f77ca4bdda94b6e61ec3b980eb9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40d20754bf0c4ea2d81a21605badadf82924a18950347ae1c0acdc157319ff5
e725928ffb665a91ca8a3631e3002edba9b0f9ec66b40a59d53db0f44827e34e
e92552bc193c8bae835c7b6db6eea8a39593fa14fb75a227f738c415330cc84e
eaf9b8df2584f7aa7e0a88a41b9ece330450c71491d3f56b06a32110da0a9471
ecee1d502f45731162f99f4d6aa07c0315a26a8382c1b1bc3c9958ab3ff04000
ed99491fe47b5733d1ad2fbf90f5d9066d049a530d1b92ebe47be5e0c527a32e
edce17cae96873e2cf08323e45f8316b500e4596563b8c69b63e162250038e91
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0216265ffcc78522466531b2c333ad5725a51f151b18c5e2fb24d4e3e89ef23
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5
f1a5c62afaf2fe49a1885b10bc57bd0b1b14a59d9939bc0c4f9c8f4bad6ab6ef
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
f2fcf631c05c66ac82cfd9bcaf8c91c3b6fd55dad4c36271caed837482d4b2bb
f35741e78ab87627f4b9699d33be57b5a3faa7cf63d1fb06b14b1de3994eabc3
f43d4d35e7ac1e815dc0c8897806e30d928ee62e1aa6ac20f49c649f8b694004
f59489d853c5e17830f83124ae713209564b870cc655706f91f66002e253808f
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
f6a8ee66594aca8034752c88745d4ab5c134408b2e0413e05477c176b111d0d5
f725f6888d32252c9f3dc55750d168b0f4f00e0ea1f2e877ff46595662a56110
fb409f2542af7f68d9484417a5abf64e76fa0f0ac6e09961f35bdfc528e19eb4
fe28445d244301d6be97b82803aa9d9d896aa6df75d542cc01e833b0a721ee84
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

www.threatminer.org Open in urlscan Pro 2606:4700:20::681a:eeb Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

370 Requests

95 %HTTPS

39 %IPv6

47 Domains

78 Subdomains

57 IPs

6 Countries

5724 kBTransfer

13720 kBSize

53 Cookies

9 Outgoing links

Redirected requests

370 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.threatminer.org Open in urlscan Pro
2606:4700:20::681a:eeb Public Scan

Screenshot
Live screenshot

Full Image

370
Requests

95 %
HTTPS

39 %
IPv6

47
Domains

78
Subdomains

57
IPs

6
Countries

5724 kB
Transfer

13720 kB
Size

53
Cookies

370 HTTP transactions
10 data transactions