threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Submission: On April 04 via api (April 4th 2022, 2:39:07 pm UTC) from US — Scanned from DE

Summary HTTP 462 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 99 IPs in 9 countries across 87 domains to perform 462 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is threatpost.com. The Cisco Umbrella rank of the primary domain is 147547.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 2nd 2021. Valid for: a year.

This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
34	35.173.160.135 35.173.160.135	14618 (AMAZON-AES) (AMAZON-AES)
11	108.157.4.6 108.157.4.6	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
7	2606:4700:303... 2606:4700:3030::ac43:cf70	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	2600:9000:205... 2600:9000:2057:1c00:2:9275:3d40:93a1	16509 (AMAZON-02) (AMAZON-02)
10	2600:9000:214... 2600:9000:214f:6800:0:5c46:4f40:93a1	16509 (AMAZON-02) (AMAZON-02)
1 9	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
1	185.85.15.31 185.85.15.31	200107 (KL-EXT) (KL-EXT)
5	65.9.62.173 65.9.62.173	16509 (AMAZON-02) (AMAZON-02)
1 10	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
5	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
10 40	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
2	52.16.57.45 52.16.57.45	16509 (AMAZON-02) (AMAZON-02)
1	23.206.210.112 23.206.210.112	16625 (AKAMAI-AS) (AKAMAI-AS)
1	46.105.202.126 46.105.202.126	16276 (OVH) (OVH)
6	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
3 5	2620:116:800d... 2620:116:800d:21:ee05:6a01:4b41:8c89	16509 (AMAZON-02) (AMAZON-02)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
7	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
1	52.19.107.252 52.19.107.252	16509 (AMAZON-02) (AMAZON-02)
2	15.188.95.229 15.188.95.229	16509 (AMAZON-02) (AMAZON-02)
1 1	52.51.88.158 52.51.88.158	16509 (AMAZON-02) (AMAZON-02)
9	18.118.192.126 18.118.192.126	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	2600:9000:231... 2600:9000:2315:a400:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	64.140.160.2 64.140.160.2	18450 (WEBNX) (WEBNX)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
2	2a00:1450:400... 2a00:1450:400c:c0c::9d	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
2	141.95.99.207 141.95.99.207	16276 (OVH) (OVH)
2	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
31	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::681a:9a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 7	167.172.1.14 167.172.1.14	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3	184.31.84.150 184.31.84.150	16625 (AKAMAI-AS) (AKAMAI-AS)
10	99.80.41.206 99.80.41.206	16509 (AMAZON-02) (AMAZON-02)
3	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
5 16	37.252.172.123 37.252.172.123	29990 (ASN-APPNEX) (ASN-APPNEX)
4	35.157.246.167 35.157.246.167	16509 (AMAZON-02) (AMAZON-02)
4	2602:803:c003... 2602:803:c003:200::21	26667 (RUBICONPR...) (RUBICONPROJECT)
1	18.193.246.175 18.193.246.175	16509 (AMAZON-02) (AMAZON-02)
1 4	216.52.2.19 216.52.2.19	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
3	18.193.253.159 18.193.253.159	16509 (AMAZON-02) (AMAZON-02)
5	213.19.147.42 213.19.147.42	26120 (RHYTHMONE) (RHYTHMONE)
2 20	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:272	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	145.40.89.200 145.40.89.200	54825 (PACKET) (PACKET)
1	18.156.195.47 18.156.195.47	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:350... 2a02:26f0:3500:7::17d8:4dd2	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
3 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
23	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
1 2	142.250.185.166 142.250.185.166	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
4 11	69.192.160.245 69.192.160.245	16625 (AKAMAI-AS) (AKAMAI-AS)
2	104.111.242.245 104.111.242.245	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	69.192.160.186 69.192.160.186	16625 (AKAMAI-AS) (AKAMAI-AS)
5	69.192.160.199 69.192.160.199	16625 (AKAMAI-AS) (AKAMAI-AS)
6	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
3 3	185.29.132.241 185.29.132.241	30419 (MEDIAMATH...) (MEDIAMATH-INC)
5 5	37.157.4.29 37.157.4.29	198622 (ADFORM) (ADFORM)
4 9	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:350... 2a02:26f0:3500:11::215:14dc	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3 4	185.94.180.125 185.94.180.125	35220 (SPOTX-AMS) (SPOTX-AMS)
5 5	18.184.26.136 18.184.26.136	16509 (AMAZON-02) (AMAZON-02)
5 7	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
2 2	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
7 9	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8100:8701:aae2:1118:ca9	16509 (AMAZON-02) (AMAZON-02)
1	2620:1ec:bdf::44 2620:1ec:bdf::44	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3 6	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
6	104.109.78.125 104.109.78.125	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	178.128.135.80 178.128.135.80	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	205.185.216.10 205.185.216.10	20446 (STACKPATH...) (STACKPATH-CDN)
3 5	2a05:d018:d29... 2a05:d018:d29:3605:94f3:d01d:495a:dfd0	16509 (AMAZON-02) (AMAZON-02)
2 2	52.58.249.203 52.58.249.203	16509 (AMAZON-02) (AMAZON-02)
4 5	3.122.211.253 3.122.211.253	16509 (AMAZON-02) (AMAZON-02)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
4 4	52.49.96.153 52.49.96.153	16509 (AMAZON-02) (AMAZON-02)
1 1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
5	185.86.139.114 185.86.139.114	201081 (SMARTADSE...) (SMARTADSERVER)
1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4 7	209.54.176.128 209.54.176.128	16509 (AMAZON-02) (AMAZON-02)
3 3	50.31.142.127 50.31.142.127	23352 (SERVERCEN...) (SERVERCENTRAL)
1 14	34.248.76.8 34.248.76.8	16509 (AMAZON-02) (AMAZON-02)
1	67.202.105.22 67.202.105.22	32748 (STEADFAST) (STEADFAST)
1	51.38.120.206 51.38.120.206	16276 (OVH) (OVH)
2	185.86.139.94 185.86.139.94	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	216.52.2.48 216.52.2.48	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
4 4	213.19.147.44 213.19.147.44	3356 (LEVEL3) (LEVEL3)
1 1	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
3	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1 1	34.111.151.213 34.111.151.213	15169 (GOOGLE) (GOOGLE)
1 1	37.252.172.37 37.252.172.37	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	35.210.53.219 35.210.53.219	15169 (GOOGLE) (GOOGLE)
3 3	64.202.112.223 64.202.112.223	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	3.224.178.199 3.224.178.199	14618 (AMAZON-AES) (AMAZON-AES)
1 1	54.144.85.208 54.144.85.208	14618 (AMAZON-AES) (AMAZON-AES)
1 1	54.146.66.83 54.146.66.83	14618 (AMAZON-AES) (AMAZON-AES)
1	150.136.156.92 150.136.156.92	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	169.197.150.7 169.197.150.7	398989 (DEEPINTENT) (DEEPINTENT)
1 1	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	54.77.108.6 54.77.108.6	16509 (AMAZON-02) (AMAZON-02)
3	34.241.76.6 34.241.76.6	16509 (AMAZON-02) (AMAZON-02)
1 1	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
1 1	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
2 2	2.19.35.65 2.19.35.65	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
1 1	124.146.215.44 124.146.215.44	2514 (INFOSPHER...) (INFOSPHERE NTT PC Communications)
2 2	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
2 2	2a05:d018:24:... 2a05:d018:24:b001:8602:c81a:97ba:276d	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1288:80:... 2a00:1288:80:807::1	203220 (YAHOO-DEB) (YAHOO-DEB)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	178.162.133.148 178.162.133.148	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 2	3.211.160.95 3.211.160.95	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:1f18:444... 2600:1f18:444a:4680:5b76:7408:bdd4:1592	14618 (AMAZON-AES) (AMAZON-AES)
1	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
462	99

34 35.173.160.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-160-135.compute-1.amazonaws.com

threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kasperskycontenthub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 108.157.4.6 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-6.dus51.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:3030::ac43:cf70 (United States)

ASN13335 (CLOUDFLARENET, US)

qd.admetricspro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2600:9000:2057:1c00:2:9275:3d40:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2600:9000:214f:6800:0:5c46:4f40:93a1 (United States)

ASN16509 (AMAZON-02, US)

media.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.85.15.31 (Germany)

ASN200107 (KL-EXT, CH)

media.kaspersky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 65.9.62.173 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-62-173.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 151.101.130.137 (United States) 1 redirects

ASN54113 (FASTLY, US)

cd.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lit.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 142.250.185.226 (United States) 10 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.16.57.45 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-57-45.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.206.210.112 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-206-210-112.deploy.static.akamaitechnologies.com

secure.cdn.fastclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.202.126 (France)

ASN16276 (OVH, FR)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:116:800d:21:ee05:6a01:4b41:8c89 (United States) 3 redirects

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.2.137 (United States)

ASN54113 (FASTLY, US)

ins.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vid.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.19.107.252 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-107-252.eu-west-1.compute.amazonaws.com

kaspersky.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.188.95.229 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

kaspersky.d3.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.51.88.158 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-88-158.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 18.118.192.126 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-118-192-126.us-east-2.compute.amazonaws.com

capi-tier-2-us-east-2.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2315:a400:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.140.160.2 (Ogden, United States)

ASN18450 (WEBNX, US)
PTR: threatintelligenceplatform.com

geo.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0c::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.95.99.207 (France)

ASN16276 (OVH, FR)
PTR: ns3213275.ip-141-95-99.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:9a9 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 167.172.1.14 (North Bergen, United States) 2 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

e.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.31.84.150 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-31-84-150.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 99.80.41.206 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-41-206.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 37.252.172.123 (Frankfurt am Main, Germany) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.157.246.167 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c2shb.pubgw.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2602:803:c003:200::21 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.193.246.175 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-246-175.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.52.2.19 (United States) 1 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.193.253.159 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-253-159.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 213.19.147.42 (Utrecht, Netherlands)

ASN26120 (RHYTHMONE, US)

tag.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 35.244.159.8 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

teachingaids-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gift-connect-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:272 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 145.40.89.200 (Ashburn, United States) 1 redirects

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.156.195.47 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com

c2shb.pubgw.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:7::17d8:4dd2 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.166 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f6.1e100.net

9582686.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 69.192.160.245 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-245.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.242.245 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-245.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.192.160.186 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-186.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 69.192.160.199 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-199.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.132.241 (United Kingdom) 3 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.157.4.29 (Denmark) 5 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 35.71.131.137 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:11::215:14dc (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.94.180.125 (Amsterdam, Netherlands) 3 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.184.26.136 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-26-136.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 3.126.56.137 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 69.173.144.139 (Frankfurt am Main, Germany) 7 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8100:8701:aae2:1118:ca9 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:bdf::44 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

public.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 76.223.111.18 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.109.78.125 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-109-78-125.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.128.135.80 (North Bergen, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

sync.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.216.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map2.hwcdn.net

serverbid-sync.nyc3.cdn.digitaloceanspaces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a05:d018:d29:3605:94f3:d01d:495a:dfd0 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.58.249.203 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-249-203.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.122.211.253 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-211-253.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.49.96.153 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-96-153.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.86.139.114 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 209.54.176.128 (Ashburn, United States) 4 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 50.31.142.127 (Chicago, United States) 3 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 34.248.76.8 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-76-8.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.22 (United States)

ASN32748 (STEADFAST, US)
PTR: ip22.67-202-105.static.steadfastdns.net

pixel.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.38.120.206 (France)

ASN16276 (OVH, FR)
PTR: ip206.ip-51-38-120.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.139.94 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.2.48 (United States) 1 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 213.19.147.44 (Utrecht, Netherlands) 4 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.129 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.162.133.149 (Rijswijk, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.151.213 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 213.151.111.34.bc.googleusercontent.com

dmp.brand-display.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.172.37 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.210.53.219 (Brussels, Belgium) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 219.53.210.35.bc.googleusercontent.com

pool.admedo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 64.202.112.223 (Leesburg, United States) 3 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.224.178.199 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-224-178-199.compute-1.amazonaws.com

cs-server-s2s.yellowblue.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.144.85.208 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-144-85-208.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.146.66.83 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-146-66-83.compute-1.amazonaws.com

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 150.136.156.92 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.197.150.7 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.215.191 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.77.108.6 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-108-6.eu-west-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.241.76.6 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-76-6.eu-west-1.compute.amazonaws.com

usersync.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.139 (New York, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.19.35.65 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-35-65.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.195.155.181 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com

cs.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.146.215.44 (Japan) 1 redirects

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.90 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:24:b001:8602:c81a:97ba:276d (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

sync.tidaltv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:807::1 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.133.148 (Rijswijk, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1.go.sonobi.com

go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.211.160.95 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-211-160-95.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:444a:4680:5b76:7408:bdd4:1592 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

i6.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.151.100 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel-us-east.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
58	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 98 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 125	477 KB
56	threatpost.com threatpost.com — Cisco Umbrella Rank: 147547 assets.threatpost.com — Cisco Umbrella Rank: 399303 media.threatpost.com — Cisco Umbrella Rank: 354086	863 KB
54	doubleclick.net 11 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193 stats.g.doubleclick.net — Cisco Umbrella Rank: 95 9582686.fls.doubleclick.net — Cisco Umbrella Rank: 340449 googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 cm.g.doubleclick.net — Cisco Umbrella Rank: 206 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 274	331 KB
26	connatix.com 1 redirects cd.connatix.com — Cisco Umbrella Rank: 3428 cds.connatix.com — Cisco Umbrella Rank: 3539 capi.connatix.com — Cisco Umbrella Rank: 3917 lit.connatix.com — Cisco Umbrella Rank: 7406 ins.connatix.com — Cisco Umbrella Rank: 5944 capi-tier-2-us-east-2.connatix.com — Cisco Umbrella Rank: 4444 vid.connatix.com — Cisco Umbrella Rank: 4140 img.connatix.com — Cisco Umbrella Rank: 4251	2 MB
22	openx.net 2 redirects teachingaids-d.openx.net — Cisco Umbrella Rank: 23504 us-u.openx.net — Cisco Umbrella Rank: 399 u.openx.net — Cisco Umbrella Rank: 730 eu-u.openx.net — Cisco Umbrella Rank: 1942 rtb.openx.net — Cisco Umbrella Rank: 1485 gift-connect-d.openx.net — Cisco Umbrella Rank: 13506	4 KB
22	rubiconproject.com 9 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 450 pixel.rubiconproject.com — Cisco Umbrella Rank: 348 eus.rubiconproject.com — Cisco Umbrella Rank: 551 secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1110 token.rubiconproject.com — Cisco Umbrella Rank: 669 pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 1170	40 KB
20	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 245 acdn.adnxs.com — Cisco Umbrella Rank: 560 secure.adnxs.com — Cisco Umbrella Rank: 436	75 KB
18	yahoo.com 8 redirects c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 795 c2shb.pubgw.yahoo.com — Cisco Umbrella Rank: 1133 ups.analytics.yahoo.com — Cisco Umbrella Rank: 287 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 370 ads.yahoo.com — Cisco Umbrella Rank: 1030	7 KB
18	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 257	247 KB
17	gumgum.com 1 redirects g2.gumgum.com — Cisco Umbrella Rank: 1523 rtb.gumgum.com — Cisco Umbrella Rank: 1242 usersync.gumgum.com — Cisco Umbrella Rank: 3241	5 KB
12	amazon-adsystem.com 4 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 290 s.amazon-adsystem.com — Cisco Umbrella Rank: 278	46 KB
12	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 7 adservice.google.com — Cisco Umbrella Rank: 76	4 KB
11	pubmatic.com 3 redirects hbopenbid.pubmatic.com — Cisco Umbrella Rank: 446 ads.pubmatic.com — Cisco Umbrella Rank: 453 image6.pubmatic.com — Cisco Umbrella Rank: 610 image2.pubmatic.com — Cisco Umbrella Rank: 882	31 KB
11	servenobid.com ads.servenobid.com — Cisco Umbrella Rank: 2023 public.servenobid.com — Cisco Umbrella Rank: 4173	7 KB
11	casalemedia.com 4 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 470 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 568 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 536 dsum.casalemedia.com — Cisco Umbrella Rank: 1319	10 KB
11	adlightning.com tagan.adlightning.com — Cisco Umbrella Rank: 1406	255 KB
9	adsrvr.org 4 redirects match.adsrvr.org — Cisco Umbrella Rank: 326	3 KB
9	1rx.io 4 redirects tag.1rx.io — Cisco Umbrella Rank: 1309 sync.1rx.io — Cisco Umbrella Rank: 534	2 KB
8	serverbid.com 3 redirects e.serverbid.com — Cisco Umbrella Rank: 3180 sync.serverbid.com — Cisco Umbrella Rank: 5979	1 KB
7	smartadserver.com rtb-csync.smartadserver.com — Cisco Umbrella Rank: 626 ssbsync.smartadserver.com — Cisco Umbrella Rank: 1219	2 KB
7	3lift.com 3 redirects tlx.3lift.com — Cisco Umbrella Rank: 566 eb2.3lift.com — Cisco Umbrella Rank: 325	4 KB
7	admetricspro.com qd.admetricspro.com — Cisco Umbrella Rank: 24025	324 KB
6	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 385 www.linkedin.com — Cisco Umbrella Rank: 595 px4.ads.linkedin.com — Cisco Umbrella Rank: 4868	4 KB
6	googleapis.com imasdk.googleapis.com — Cisco Umbrella Rank: 405 fonts.googleapis.com — Cisco Umbrella Rank: 45	742 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 39	40 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 169	209 KB
5	bidswitch.net 4 redirects x.bidswitch.net — Cisco Umbrella Rank: 285	2 KB
5	advertising.com 5 redirects pixel.advertising.com — Cisco Umbrella Rank: 350	2 KB
5	adform.net 5 redirects c1.adform.net — Cisco Umbrella Rank: 571	2 KB
5	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 602 ce.lijit.com — Cisco Umbrella Rank: 908	2 KB
5	google.de www.google.de — Cisco Umbrella Rank: 5640 adservice.google.de — Cisco Umbrella Rank: 8069	2 KB
5	quantserve.com 3 redirects secure.quantserve.com — Cisco Umbrella Rank: 962 pixel.quantserve.com — Cisco Umbrella Rank: 418 cms.quantserve.com — Cisco Umbrella Rank: 1104	11 KB
5	gstatic.com www.gstatic.com	298 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 70	388 KB
4	sonobi.com sync.go.sonobi.com — Cisco Umbrella Rank: 1004 go.sonobi.com — Cisco Umbrella Rank: 761	2 KB
4	bidr.io 4 redirects match.prod.bidr.io — Cisco Umbrella Rank: 489	2 KB
4	spotxchange.com 3 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 515	2 KB
4	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 389 mug.criteo.com — Cisco Umbrella Rank: 2685	1 KB
3	liadm.com 2 redirects i.liadm.com — Cisco Umbrella Rank: 531 i6.liadm.com — Cisco Umbrella Rank: 1596	1 KB
3	emxdgt.com 2 redirects cs.emxdgt.com — Cisco Umbrella Rank: 884	465 B
3	outbrain.com 3 redirects sync.outbrain.com — Cisco Umbrella Rank: 835	1 KB
3	zemanta.com 3 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 558	2 KB
3	mathtag.com 3 redirects sync.mathtag.com — Cisco Umbrella Rank: 438	2 KB
3	indexww.com js-sec.indexww.com — Cisco Umbrella Rank: 709	5 KB
3	a-mo.net 1 redirects prebid.a-mo.net — Cisco Umbrella Rank: 1149	807 B
3	sharethrough.com btlr.sharethrough.com — Cisco Umbrella Rank: 1085	337 B
3	4dex.io script.4dex.io — Cisco Umbrella Rank: 1906 mp.4dex.io — Cisco Umbrella Rank: 2659	24 KB
3	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1658 id5-sync.com — Cisco Umbrella Rank: 607	12 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 208 kaspersky.demdex.net — Cisco Umbrella Rank: 256293	5 KB
2	tidaltv.com 2 redirects sync.tidaltv.com — Cisco Umbrella Rank: 1150	718 B
2	creativecdn.com 2 redirects creativecdn.com — Cisco Umbrella Rank: 650	695 B
2	360yield.com 2 redirects ad.360yield.com — Cisco Umbrella Rank: 654	624 B
2	admedo.com 2 redirects pool.admedo.com — Cisco Umbrella Rank: 4594	717 B
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 873	1 KB
2	createjs.com code.createjs.com — Cisco Umbrella Rank: 1360	125 KB
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1005	344 B
2	everesttech.net 2 redirects cm.everesttech.net — Cisco Umbrella Rank: 1018 sync-tm.everesttech.net — Cisco Umbrella Rank: 575	748 B
2	omtrdc.net kaspersky.d3.sc.omtrdc.net — Cisco Umbrella Rank: 233441	560 B
2	kasperskycontenthub.com kasperskycontenthub.com — Cisco Umbrella Rank: 350744	1 KB
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 599
1	socdm.com 1 redirects tg.socdm.com — Cisco Umbrella Rank: 1857	685 B
1	contextweb.com 1 redirects bh.contextweb.com — Cisco Umbrella Rank: 587	383 B
1	bluekai.com 1 redirects stags.bluekai.com — Cisco Umbrella Rank: 469	1 KB
1	deepintent.com match.deepintent.com — Cisco Umbrella Rank: 933	44 B
1	technoratimedia.com sync.technoratimedia.com — Cisco Umbrella Rank: 1184	293 B
1	ipredictive.com 1 redirects sync.ipredictive.com — Cisco Umbrella Rank: 1001	428 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 822	577 B
1	yellowblue.io cs-server-s2s.yellowblue.io — Cisco Umbrella Rank: 3935	323 B
1	brand-display.com 1 redirects dmp.brand-display.com — Cisco Umbrella Rank: 1962	317 B
1	taboola.com sync.taboola.com — Cisco Umbrella Rank: 963	99 B
1	rfihub.com 1 redirects p.rfihub.com — Cisco Umbrella Rank: 725	755 B
1	onetag-sys.com onetag-sys.com — Cisco Umbrella Rank: 841	814 B
1	33across.com pixel.33across.com — Cisco Umbrella Rank: 2431
1	bing.com c.bing.com — Cisco Umbrella Rank: 230	595 B
1	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 906	324 B
1	digitaloceanspaces.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com — Cisco Umbrella Rank: 7077	5 KB
1	innovid.com ag.innovid.com — Cisco Umbrella Rank: 1481	297 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 782	415 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 938	3 KB
1	t.co t.co — Cisco Umbrella Rank: 463	338 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 518
1	ipify.org geo.ipify.org — Cisco Umbrella Rank: 63408	589 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 894	355 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 622	6 KB
1	fastclick.net secure.cdn.fastclick.net — Cisco Umbrella Rank: 1664	17 KB
1	kaspersky.com media.kaspersky.com — Cisco Umbrella Rank: 134181	48 KB
0	gemius.pl Failed googlecm.hit.gemius.pl Failed
462	87

	Domain	Requested by
32	threatpost.com	threatpost.com
31	pagead2.googlesyndication.com	srcdoc securepubads.g.doubleclick.net tpc.googlesyndication.com tagan.adlightning.com 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
27	cm.g.doubleclick.net	10 redirects googleads.g.doubleclick.net u.openx.net eb2.3lift.com ssum-sec.casalemedia.com g2.gumgum.com
23	tpc.googlesyndication.com	tagan.adlightning.com 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
18	s0.2mdn.net	imasdk.googleapis.com tagan.adlightning.com threatpost.com 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com s0.2mdn.net
16	ib.adnxs.com	5 redirects qd.admetricspro.com cds.connatix.com googleads.g.doubleclick.net acdn.adnxs.com ssum-sec.casalemedia.com
14	assets.threatpost.com	threatpost.com assets.threatpost.com
13	rtb.gumgum.com	1 redirects g2.gumgum.com
11	tagan.adlightning.com	threatpost.com tagan.adlightning.com 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
10	googleads.g.doubleclick.net	tagan.adlightning.com 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com googleads.g.doubleclick.net threatpost.com
10	ads.servenobid.com	qd.admetricspro.com public.servenobid.com ssum-sec.casalemedia.com g2.gumgum.com ssbsync.smartadserver.com
10	media.threatpost.com	threatpost.com
9	match.adsrvr.org	4 redirects u.openx.net eb2.3lift.com ssum-sec.casalemedia.com
9	capi-tier-2-us-east-2.connatix.com	cd.connatix.com
9	www.google.com	1 redirects threatpost.com tagan.adlightning.com 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com googleads.g.doubleclick.net
7	s.amazon-adsystem.com	4 redirects eb2.3lift.com ssum-sec.casalemedia.com
7	ups.analytics.yahoo.com	5 redirects googleads.g.doubleclick.net ssum-sec.casalemedia.com
7	eu-u.openx.net	u.openx.net qd.admetricspro.com eu-u.openx.net
7	us-u.openx.net	2 redirects googleads.g.doubleclick.net u.openx.net
7	e.serverbid.com	2 redirects qd.admetricspro.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
7	securepubads.g.doubleclick.net	tagan.adlightning.com www.googletagservices.com securepubads.g.doubleclick.net threatpost.com
7	qd.admetricspro.com	threatpost.com qd.admetricspro.com
6	eus.rubiconproject.com	qd.admetricspro.com eus.rubiconproject.com g2.gumgum.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
6	eb2.3lift.com	3 redirects qd.admetricspro.com eb2.3lift.com
6	googleads4.g.doubleclick.net	threatpost.com
6	vid.connatix.com	cd.connatix.com cds.connatix.com
6	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com threatpost.com
6	www.googletagservices.com	threatpost.com tagan.adlightning.com 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com googleads.g.doubleclick.net
5	token.rubiconproject.com	5 redirects
5	rtb-csync.smartadserver.com	eu-u.openx.net ssbsync.smartadserver.com
5	x.bidswitch.net	4 redirects eb2.3lift.com
5	pr-bh.ybp.yahoo.com	3 redirects eu-u.openx.net ssum-sec.casalemedia.com
5	pixel.advertising.com	5 redirects
5	c1.adform.net	5 redirects
5	ads.pubmatic.com	cds.connatix.com qd.admetricspro.com g2.gumgum.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	tag.1rx.io	qd.admetricspro.com cds.connatix.com
5	www.gstatic.com	www.google.com 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
5	www.googletagmanager.com	threatpost.com www.googletagmanager.com
5	cds.connatix.com	threatpost.com cd.connatix.com
5	c.amazon-adsystem.com	qd.admetricspro.com c.amazon-adsystem.com
4	sync.1rx.io	4 redirects g2.gumgum.com
4	match.prod.bidr.io	4 redirects
4	pixel.rubiconproject.com	2 redirects g2.gumgum.com
4	sync.search.spotxchange.com	3 redirects googleads.g.doubleclick.net
4	px.ads.linkedin.com	2 redirects eb2.3lift.com
4	1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com	securepubads.g.doubleclick.net tagan.adlightning.com
4	ap.lijit.com	1 redirects qd.admetricspro.com public.servenobid.com
4	fastlane.rubiconproject.com	qd.admetricspro.com
4	imasdk.googleapis.com	cd.connatix.com imasdk.googleapis.com
3	cs.emxdgt.com	2 redirects serverbid-sync.nyc3.cdn.digitaloceanspaces.com
3	usersync.gumgum.com	g2.gumgum.com
3	sync.outbrain.com	3 redirects
3	sync.go.sonobi.com	public.servenobid.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
3	b1sync.zemanta.com	3 redirects
3	sync.mathtag.com	3 redirects
3	acdn.adnxs.com	cds.connatix.com qd.admetricspro.com
3	js-sec.indexww.com	cds.connatix.com qd.admetricspro.com
3	adservice.google.com	tagan.adlightning.com 9582686.fls.doubleclick.net
3	adservice.google.de	tagan.adlightning.com adservice.google.com
3	prebid.a-mo.net	1 redirects qd.admetricspro.com cds.connatix.com
3	teachingaids-d.openx.net	qd.admetricspro.com cds.connatix.com
3	btlr.sharethrough.com	qd.admetricspro.com
3	c2shb.ssp.yahoo.com	qd.admetricspro.com
3	hbopenbid.pubmatic.com	qd.admetricspro.com cds.connatix.com
3	htlb.casalemedia.com	qd.admetricspro.com cds.connatix.com
3	pixel.quantserve.com	2 redirects threatpost.com
2	i.liadm.com	2 redirects
2	sync.tidaltv.com	2 redirects
2	creativecdn.com	2 redirects
2	secure-assets.rubiconproject.com	2 redirects
2	ad.360yield.com	2 redirects
2	pool.admedo.com	2 redirects
2	ssum-sec.casalemedia.com	1 redirects public.servenobid.com
2	ssbsync.smartadserver.com	public.servenobid.com g2.gumgum.com
2	pm.w55c.net	2 redirects
2	image6.pubmatic.com	2 redirects
2	rtb.openx.net	googleads.g.doubleclick.net eu-u.openx.net
2	code.createjs.com	s0.2mdn.net
2	u.openx.net	cds.connatix.com
2	mug.criteo.com
2	gum.criteo.com	1 redirects
2	sync.teads.tv	googleads.g.doubleclick.net
2	fonts.googleapis.com	1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
2	9582686.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	c2shb.pubgw.yahoo.com	cds.connatix.com
2	script.4dex.io	qd.admetricspro.com script.4dex.io
2	www.google.de	threatpost.com
2	id5-sync.com	cdn.id5-sync.com qd.admetricspro.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	img.connatix.com	threatpost.com
2	kaspersky.d3.sc.omtrdc.net	media.kaspersky.com
2	dpm.demdex.net	media.kaspersky.com threatpost.com
2	kasperskycontenthub.com	threatpost.com
1	pixel-us-east.rubiconproject.com	serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1	i6.liadm.com	serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1	gift-connect-d.openx.net	serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1	go.sonobi.com	serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1	id.rlcdn.com
1	ads.yahoo.com
1	tg.socdm.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	bh.contextweb.com	1 redirects
1	stags.bluekai.com	1 redirects
1	match.deepintent.com	g2.gumgum.com
1	sync.technoratimedia.com	g2.gumgum.com
1	sync.ipredictive.com	1 redirects
1	sync.srv.stackadapt.com	1 redirects
1	cs-server-s2s.yellowblue.io	g2.gumgum.com
1	secure.adnxs.com	1 redirects
1	dsum.casalemedia.com	ssum-sec.casalemedia.com
1	dmp.brand-display.com	1 redirects
1	sync.taboola.com	ssum-sec.casalemedia.com
1	p.rfihub.com	1 redirects
1	ce.lijit.com	1 redirects
1	onetag-sys.com	public.servenobid.com
1	pixel.33across.com	public.servenobid.com
1	g2.gumgum.com	public.servenobid.com
1	c.bing.com	eb2.3lift.com
1	image2.pubmatic.com	1 redirects
1	odr.mookie1.com	eu-u.openx.net
1	serverbid-sync.nyc3.cdn.digitaloceanspaces.com	qd.admetricspro.com
1	sync.serverbid.com	1 redirects
1	public.servenobid.com	qd.admetricspro.com
1	ag.innovid.com	googleads.g.doubleclick.net
1	cms.quantserve.com	1 redirects
1	partner.googleadservices.com	tagan.adlightning.com
1	px4.ads.linkedin.com
1	www.linkedin.com	1 redirects
1	snap.licdn.com	www.googletagmanager.com
1	mp.4dex.io	qd.admetricspro.com
1	tlx.3lift.com	qd.admetricspro.com
1	t.co	threatpost.com
1	analytics.twitter.com	tagan.adlightning.com
1	geo.ipify.org	qd.admetricspro.com
1	rules.quantcount.com	secure.quantserve.com
1	cm.everesttech.net	1 redirects
1	kaspersky.demdex.net	tagan.adlightning.com
1	ins.connatix.com	cd.connatix.com
1	lit.connatix.com	cd.connatix.com
1	static.ads-twitter.com	www.googletagmanager.com
1	secure.quantserve.com	www.googletagmanager.com
1	cdn.id5-sync.com	tagan.adlightning.com
1	secure.cdn.fastclick.net	tagan.adlightning.com
1	capi.connatix.com	cd.connatix.com
1	cd.connatix.com	1 redirects
1	media.kaspersky.com	threatpost.com
0	googlecm.hit.gemius.pl Failed	googleads.g.doubleclick.net
462	148

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
feedly.com
www.instagram.com
news.sophos.com
blog.checkpoint.com
www.vmware.com
kb.vmware.com
www.huntress.com
digital.nhs.uk
media.threatpost.com
www.trendmicro.com
u7061146.ct.sendgrid.net
bit.ly
akismet.com
t.co

Subject Issuer	Validity	Valid
threatpost.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-07-03`	a year	crt.sh
*.adlightning.com Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-08-11` - `2022-08-10`	a year	crt.sh
assets.threatpost.com Amazon	`2022-01-05` - `2023-02-03`	a year	crt.sh
media.threatpost.com Amazon	`2022-01-05` - `2023-02-03`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
kasperskycontenthub.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-07-03`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
media.kaspersky.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-31` - `2023-03-31`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2021-08-20` - `2022-09-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
secure.cdn.fastclick.net DigiCert SHA2 Secure Server CA	`2022-01-15` - `2023-01-17`	a year	crt.sh
cdn.id5-sync.com R3	`2022-02-02` - `2022-05-03`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.d3.sc.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2022-02-17` - `2023-03-07`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2022-02-07` - `2023-03-10`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.id5-sync.com R3	`2022-03-08` - `2022-06-06`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
e.serverbid.com R3	`2022-01-17` - `2022-04-17`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
ads.servenobid.com Amazon	`2021-06-28` - `2022-07-27`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-03-08` - `2022-08-31`	6 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.3lift.com Amazon	`2021-06-12` - `2022-07-11`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
*.1rx.io Sectigo RSA Domain Validation Secure Server CA	`2021-06-01` - `2022-07-02`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.a-mo.net R3	`2022-02-18` - `2022-05-19`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
teads.tv R3	`2022-03-23` - `2022-06-21`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-04` - `2022-05-03`	3 months	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2021-12-10` - `2022-12-09`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
tls.adobe.com DigiCert SHA2 Secure Server CA	`2020-06-01` - `2022-06-06`	2 years	crt.sh
*.innovid.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-15` - `2023-04-15`	a year	crt.sh
public.servenobid.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-17` - `2023-02-17`	a year	crt.sh
*.nyc3.cdn.digitaloceanspaces.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-30`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-01-18` - `2022-07-13`	6 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2022-03-28` - `2022-09-28`	6 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2022-03-16` - `2022-09-16`	6 months	crt.sh
*.gumgum.com Amazon	`2021-06-05` - `2022-07-04`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-10` - `2023-01-03`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2021-12-08` - `2023-01-09`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-01-11` - `2022-07-06`	6 months	crt.sh
*.taboola.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
*.technoratimedia.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-17` - `2022-10-05`	a year	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2020-04-09` - `2022-06-08`	2 years	crt.sh
*.ad-server.k8s.ie.ggops.com Amazon	`2022-02-15` - `2023-03-16`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2021-05-18` - `2022-06-19`	a year	crt.sh

This page contains 73 frames:

Primary Page: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Frame ID: 755DD99A0751A320F1E4E4EF6B14A0F1
Requests: 149 HTTP requests in this frame

Frame: https://cds.connatix.com/p/157383/connatix.player.dc.js
Frame ID: DA4334D3E7C9023342079E3DEB8C328F
Requests: 23 HTTP requests in this frame

Frame: https://kaspersky.demdex.net/dest5.html?d_nsid=0
Frame ID: 7A32902D955C6185EEEC0B0A731B37F1
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.509.0_en.html
Frame ID: ED81EF4F7BD96C62580285D13FF08CA4
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.509.0_en.html
Frame ID: E88B748DEA7E8734DAD38B5CDCA73776
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.509.0_en.html
Frame ID: FF823EB5B6098571CCF1FD28606F5BB9
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: C9A00E9788C018323B5E024A8BBFA62A
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 541AABDE34B53F302F7020162DF1FA20
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 7F50738CDA57F4FE084F11439FBBB9B0
Requests: 1 HTTP requests in this frame

Frame: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Frame ID: EA36567718603777DA993D335B8F02D3
Requests: 16 HTTP requests in this frame

Frame: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 5BB55E6F15DB3A000B1C5CA1BE6AD137
Requests: 1 HTTP requests in this frame

Frame: https://9582686.fls.doubleclick.net/activityi;dc_pre=CKPa5LTR-vYCFQ3eGwod4JsIHA;src=9582686;type=globalc;cat=globa0;ord=9027629594759;gtm=2od3u0;auiddc=457431537.1649083138;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F;u6=;u7=26686259351274717732467004971664565391-414288784.1649083137;u9=_log4jshell-swarm-vmware-servers-miners-backdoors_179142_;~oref=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F
Frame ID: 99F0D6F01199E665F9FACEC7A8787352
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 02F2160ED7B4C65EFC703E966C95AF0C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F11E94C890E36B0529E8AFA5F2959B05
Requests: 2 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CKPa5LTR-vYCFQ3eGwod4JsIHA;src=9582686;type=globalc;cat=globa0;ord=9027629594759;gtm=2od3u0;auiddc=457431537.1649083138;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F;u6=;u7=26686259351274717732467004971664565391-414288784.1649083137;u9=_log4jshell-swarm-vmware-servers-miners-backdoors_179142_;~oref=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F
Frame ID: 648E30CAE2C82F22B715B184B352E597
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CKPa5LTR-vYCFQ3eGwod4JsIHA;src=9582686;type=globalc;cat=globa0;ord=9027629594759;gtm=2od3u0;auiddc=457431537.1649083138;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F;u6=;u7=26686259351274717732467004971664565391-414288784.1649083137;u9=_log4jshell-swarm-vmware-servers-miners-backdoors_179142_;~oref=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F
Frame ID: 369C3106005758B5149B6922C02DC9E6
Requests: 1 HTTP requests in this frame

Frame: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 1AEC9DB1E0982BFB8C72EABA3607E286
Requests: 16 HTTP requests in this frame

Frame: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: BF3423D919B945DA7EE543A7D36DDE66
Requests: 16 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-71ac0870.js
Frame ID: 9CD93B2477CD3EDA599F46522D22CB9A
Requests: 14 HTTP requests in this frame

Frame: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 40727A75F65B50F8FE1BB88064B5C8A9
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220330/r20190131/zrt_lookup.html
Frame ID: CAF4543A5CD4B90AC89756B612F1B7C5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCs8_wBGOuk5bMBMAE&v=APEucNW9ZxgUq_aVQr7OVuRAJUN7n5AYX_RHwIUjRk6EtMWe2JdSKqkc_e08-M8vmNA0RTS_1y7poYCfJadGad9QQDd986MVnKHNhAP23bQBVR_t7_t0EHU
Frame ID: 4F4302E09B599C53777AFA8E678AC9A0
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGMjCiqcBMAE&v=APEucNVyLcSz0LPHVqwsfq7fF58gCnA35A41ej1lM1h6hSGB-vesKZJ6_ZSSl6mywP-wdVoUq_kRi7WkkAU_dMw4I9Xm1ZAwOCRFHeuk-8NdwR_bFfqd7x4
Frame ID: 176E74584AEC8560AD768A857E76B216
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 6E0B31EFE9B29CD1BACD5F0C39D1DE71
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=2376748102&adk=2477513961&adf=776186307&pi=t.ma~as.2376748102&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649083139182&bpp=8&bdt=475&idt=1524&shv=r20220330&mjsv=m202203280101&ptt=9&saldr=aa&cookie=ID%3D155ab87f274ca756%3AT%3D1649083137%3AS%3DALNI_MYdxEOrovTRxR8cNDXAOvWW_urnLg&correlator=6197558240533&frm=23&ife=4&pv=2&ga_vid=414288784.1649083137&ga_sid=1649083141&ga_hid=1130113428&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=1551&biw=1600&bih=1200&isw=300&ish=250&ifk=1199468016&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44760475%2C44761043%2C31065971%2C21065725%2C31064019&oid=2&pvsid=3187653422567155&pem=854&tmod=1773897540&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ciw8pvy0ctg8&btvi=1&fsb=1&dtd=1585
Frame ID: A13836F74437B66E484DD1605512D16A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 527A1C833C8677194F8D63AA0DD95854
Requests: 2 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: EDD49ACA9C3E9D81A832AE2F963BDE4F
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 02853059EED927D6E9B3F88C842EA1B1
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: BA1A4149D6191C59B688B900334D135B
Requests: 3 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: 3CEDBBE1DB19A8AD23A5B7AE8C44878B
Requests: 7 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 5E7E7D0FE555C92FA985A3660185EC32
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 4FD72241CBE48B865EF940FB19F3692D
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Frame ID: E68676CBCF08E3911C8732EB6D2C6905
Requests: 7 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 88926CA2DB6245AA05D850D7E2D48914
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12982318618422280192/fil-rouge_or_internet-internet0921_728x90_dis-iab/index.html
Frame ID: 20E5F4093C550B02C722FF4A309589D7
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8942916408153473024/fil-rouge_or_mobile-changermobilet22021_300x250_dis-iab/index.html
Frame ID: A3BC6A20F71FF24F85DA7FCA8666ED92
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChDJgxMYiNLdxgEwAQ&v=APEucNU8w1EmqWOIta1blw9E78DyPVaBSUnlmkmY3upywoWbVgybjkOF24e5a4_IMtCGRJKGqllQTzhvIbbkF6De2wFKlq_q3UW-h6mQJQGgJEgv4Kjx8BcXL46tUZJa81rWnk2VnHN8bQA-qCpFg6KVDpz00Jz8karMwpRc5ziaVDa5PDA0oPY
Frame ID: 50EF4140C180C3F02FC056554F3B18D5
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BzaTvEw9QYWFTwmiqR0AvhmWWHUTTruladPLXx1CpFJeLbmv_i6755Tu2lJEGTVLqevA8iY45rshp2XX2kVgCFEYXdDzWc21wip4YPXrd1glN5n0vSgwxj1DX9C5wOD4eQMhzLHrtwyLXNRqfJ31hbEEvAjA&dbm_d=AKAmf-B5Uwmr-fJ8_DZY5rBWFT2F8CN-Qwoy8ffvEqqFAHCF8noK_mSuP8MnCqt2Cw6XhRn5t11JN8h3urj68pKcjzJSZPZTWe0b21kZ6WNadMNgnlRx_w7PXtLRgU947fUqB-wMdZz3OIV9-WVd5Q0ZfwybDcQ0ojDQPxXD45OWEGTxJ4TJ6VNxh3fzQBv70s6T0-1RIWsR4zM7RhwnGcyqi0JamGsrfdpDqrzQdEOfBqKH_n2Mbuu0_QNxVSyKPaWycj31XZdaxn43Z-zqMZlIFgYMgngGYLYb-dypnX9qsk4aVdGPb_ljYep3pyCQ-PoHmxoRD2ztZEeUWGbHb_E6j_-M9TDK97JolBDetg_dMmUqCXlbkup8BNBBioolT9u9T5H8Z1MgAI7jzf9CYosNE7NhPM1xupUtZk1-t7eAQ-qCxSNt4Jy9XmvgSibaUvl1ykOcG30Ju90XkhBVWzE7atCHtEM-nCCw7rjDQdJsI7ArCSm5GPVgjyVsMRId23oHnhwNoP05da6qcjR0TbQCnh-w6R3kvcs9h0goHI0RdaxeFViMwWx5_Bjil1lKhe_7u8dK_dp1UaLdNuDQSWJUYdEgIAeZv7mgLvNaVcsuPL7TumM-_0WaYyccdVIB5J6X7BJvDs-Sc6k6Rzje8zEbM74VtNVGzlZEYv7HvqiIAhk8AgcuujnEMK7oe_H-zmkiHxrAH8SnNoSlXIq864A9jhB01OqjtTWhMwPTXBFHDe6Ca7UA0wdY0xNY-dpLL7F5O5qWdI8YHizYlDVpsvK3j1p46aVMqUBGs36li7rdAq8mTeRx3xF1F4UTZLlE167VWBOinNvXBVR85kyVYk2IZedhsbS6FVRrch76-wYSBNi1Uni3hFG78K5bwOF5SsbhPiWeIc-PkKkOIbGDdXV_2M1lBv7X5ts1ROqUuO8jQmNlgOygZi-NaFlhcQumGOhsgSRe0TrG6LeI2ZTCj_qNWGyEJDj4gKhCXIar9BvK9JtsWAESoaLtD1EU-poCUPy_J6oo2eJilaoROD_rDeURyiDCY8ewvZ7D5Mlq9N_-FnUL8xf32KedK9HDgzlKjLzENWyL480xDoKzEI7E5HzhjWb4T3wImHAcwLU4y9T0bd8RviR_efyQo-lIFoQ3ScAz45oftVOC4RyOA-Wh9Jpcjz6kTgtbp34zbdlgSkMYzLf8opNmJJ0YkIjjH1BvcAqEQlPYVfD-lnGZlGEyeUXBK7-eUXnZC5gAnsIygQfA8vSG90wT34gROViRAwbQ-c-A6V_K8BjLtXYakqI3G8RpVEJrFbIMZ2ONJ4yD1zgNIB9AZFwCRVrU6ggiBbEg2UlSO8ZZdSiw-CA7bAIkV6XsPBvttT6kQbqUdyl4PJSIeGnIWBDm2pA4_07EtyuZo8UkGZJNhiU0eipPI9JCQo1fv3af-RW_dB_QNI5kbRnpCQhvdAQ323RojEkx2PnwVy4sxSr5gieKyAwiF4RWkCnT04n9SNTC-VTRcOmx9GULC-XsNjqswdP0mgyZ-XVnIb489dWfrXDZ2iAW8g4KzWYHFHaHE9bxwc0G1PMd-i31LNjj0kfv2A5B40v1VqqvFRUc1ugbKv5Lszn1uCztHGSfHKxVoECjvWEDeQE5qHNe7Gh7kCBzVM_O-zO1ej6TvjT-gAjSbskfeaHsrP3vjA0-czSVfw0we30HwD1HFQ4blKV128csnzckY8974d41bzg7hbDbXrvbH2Np1fAnA0ilD-VR4v3fZNWTOzRDwzrCw1L1ReFB8zdGqoC6D3m0vnj-vc0lm5Bu3ko0pSlehSjll7f1Yzgx3Xf6mhsdyLbBg07hIdH8hMu4UX-ah5-hqKecJilpLOJ3b0zQ5TBCinpiBVS-q48nqK3KSxcbUxgx7BTj6UxbhtZ6sboEONmOFLpPpf4nF4mn7b052rWuPp0Tue0fPMfpZaFtiaXtq6ghoNThu4eotQ6vNMdZubyRpOcz__pM2JGf5bsMEj2c2ckogrxlN5QMSbPx8E83ddrblvzcqu_ZnHPcbOyOZGkti5u5_mLjm_kwbxLMGGQl923pE6S_wMtsFRLt-foifhdHCnizyAnbSqPVuKdlzxJaAkvi6Uy02Ce_fo6V673kVGq4cfsXxkpiSksMKYk5b_j5AKaMkH8L2pR9RXSjeBD5NXQI0VdJcUo6g7HBd3cDehUk9r-1hicdbSq0ipacEjStYlAjtIw_Y4eWqblcprfAZC8pBKCO6-Gjam_1oV6oGjV8HhFCWyZpljJ4PGoMCSkvT1JNkM7MGl-zFdCqn7Ac0fZeR03F2C_GWAVnavQrjH9Os4CWu_BXUYXS34-afR-RkJbjL7CGCIjIJqL31zaP48I1Ac7zfjR7vkzI8eJZ8AozQStFuVdZRrsS0E3ZZX6SX4VVeRCLJaPhfJB817yVcMnu7FM4EOg3iDHKGzSjdKSC9NQAq52mmdJk8IAlpfbPZsM92iyjppW6OiqHhYNricfLa9iGsH9Z54Ig9K3vXOrz-AeZUA-dhRlYBuOTAS5WMDUutTMoABl94sGZnGQqiq8BIGAQBM0959SQxm8bxeE1v7Rn9zdvFTK_iwUd3Sd0cnBjkO5M12TZu4uH6oNe8te_HcC1OT-OEHJ_iGlcXX64cKoi5U_fDvh5UL-jNWx2Uxp2Pg8no6EgINQcsW6vw8vlTfcg04zny_906UQhWi84ET-erY4Saquf2ryB8_1B6WEkunTaYDqjvi3hhbhbWT3MYgS4rBPWZgIU9ondNIncOGRTQheGZBELsHM6B3Vsf9oz9TIkNA8_3g-szmJNEs_zf30o_Pzxsf5ohBbuK4rJrg1P4mTif390oYKznE4FacUmIXJQhGjofeWQrdTaNKhx2NsNj3XyCDMBNkKcCFFR2dfTtCmpzA8i9MX83Do_zsAh9BpMFMlKuRsCfn6ACpeW8vJeo3w75xm2Shb6be6a249T7zG6DAOqFCZn-e0Ysfvw8TNy2hj-jq1r05YSzHuWoPJJnfiOsTwTFQWJp7DAygoTt63A89ikmNuFB5Fi8QR4ooB9k7z6_jRQxldbniPsr86B2J-Z7EAx2cuh3I4R2Hmq_kXt3hcF1EAqQlOhXVfHYv6GUbsNcipgKRx84B3QKSEi8Vs5FIqpkPKvaKGr8H8DdDWxPAkM6p7rHtDsy0uSC2AmNcmGjFa-JbFEb1E9ztdFwEQ9VxOEuW2tQr7UrBtlgirW1yg8KLahj-0io9gtCv8jqvkc6iXvMAdeQBX2aWQdOTyiPbIetlx-EAYScLwmMJzK6Q&cid=CAASJORowqIQ8bKMvSm5EG6fF_vTN2RxbNtrJwJMUx1QnYJ2YH9Cjg&rfl=3%2Chttps%253A%252F%252Fthreatpost.com%242%2Chttps%253A%252F%252Fthreatpost.com%252F%240
Frame ID: F069A470F0477E92BB37532EDAB3A19C
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E4C8918C3A84303108AD63B1A22BD708
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F3576CBE2E0AC16DFEDCAEA2C22830EA
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/14996117020957875645/index.html
Frame ID: E10C54811B17B1AD88A130329795FC1D
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 898FBE7FDC654258D04F8FC9786992F4
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 441F0795CF449E4907358A071F4A915B
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 24BE3A3E99093BE052A2CB3AF03F46CB
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 453924C1C64BF58431B8DE03C181A690
Requests: 2 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: F3573BA94DAD8BEA86B2973A854C46E1
Requests: 9 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 92CA98A7AE9A044338A65939A3AC3B4F
Requests: 11 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 58B4962E0EAE6FFA33F3BCA456896F05
Requests: 3 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 4C46A87F26BC44E6F7627AA2E17D35F2
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13394437
Frame ID: DDC9625C798280D367F034234BC88475
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Frame ID: 7CD8521A0ED96ED0FF8522D5EA04D2F7
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 32FF9B5A8C791D45A76FF470FC65E0F6
Requests: 10 HTTP requests in this frame

Frame: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Frame ID: 1C77303187FCABF7E6BA5D7ACF3F43E9
Requests: 8 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Frame ID: 0AA9504613B3E9F56F8CB1CAB7B59C3A
Requests: 7 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: 9FFBEE173B81047392A7846A9BFFD006
Requests: 16 HTTP requests in this frame

Frame: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Frame ID: 1B4215FA3176B0F695BB07F70AA1A9CC
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: 0B8B55F8B8ACE94660E7B3153E8DB647
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: A90EE48F27BC4E39B2D2EB964071D073
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Frame ID: 785F2275A27BA7CE202623CDD329D445
Requests: 10 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=613a624b-0304-4300-ab1f-1c2ce15bc642&gdpr=0&gdpr_consent=
Frame ID: F2617A171EEFA00ABE59162446BA74D5
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=atm&i=YksC-wAAAHsVCAQA&gdpr=0&gdpr_consent=
Frame ID: E5F5E75ED13AB73FC6889A3D94BEAA13
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV83MjZjMGYyZC0zNmVhLTQxYTQtYjA1NS1mZDMyZjUxMDdkZmI=&gdpr=0&gdpr_consent=
Frame ID: BB7F9D56CB7F1E0EB6F0B934EC46F51A
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: BFC6712929E2CC216C26911DFCBA9BDC
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=56c64d6a-ae00-4926-ae6f-e73bea6241af&t=1651675142
Frame ID: 20A300671E977A116C1F342EA22EE22B
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: AE3DA1DBE79967458F6E57A101916EC2
Requests: 3 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=emx&uid=7017324650599299232brt201261649083142371530f1
Frame ID: 7A16BE2CD2F26C6D263D992249CBD1EC
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YksDBsCo8YQAAJH2ng4AAAAA
Frame ID: D14F5D8F0FBEAB475B42EE01B0A80FF8
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=utWF8ZYrCiZqaPlmyHE5&pi=gumgum&tc=1
Frame ID: D35D8478BD23180D762AE2D1E7ADDF17
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?ssp=pbs&redirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D44%26userId%3D%24UID
Frame ID: 57F103E1191095993314665CF10F149A
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Frame ID: FB07B84D65489F4107733A9D24E7B479
Requests: 3 HTTP requests in this frame

Frame: https://go.sonobi.com/uc.html?pubid=e55fb5d7c2
Frame ID: 71943FF34823E20CE67A9436B882798C
Requests: 1 HTTP requests in this frame

Frame: https://gift-connect-d.openx.net/w/1.0/cm?id=fd531c74-f5ed-4e60-8874-939fb2acafa1&r=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D19%26userId%3D
Frame ID: 2CDFA3363F7D26FFD38CBCD50ED9292C
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&userIdMacro=PM_UID&predirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D4%26userId%3DPM_UID
Frame ID: 59AD0F7218C3043549FABEC157DC1FE4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log4JShell Used to Swarm VMware Servers with Miners, Backdoors | Threatpost

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js
adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

462
Requests

84 %
HTTPS

27 %
IPv6

87
Domains

148
Subdomains

99
IPs

9
Countries

6370 kB
Transfer

15523 kB
Size

116
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/threatpost/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/threatpost

Search URL Search Domain Scan URL

URL: https://feedly.com/threatpost

Search URL Search Domain Scan URL

URL: https://www.instagram.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://news.sophos.com/en-us/2022/03/29/horde-of-miner-bots-and-backdoors-leveraged-log4j-to-attack-vmware-horizon-servers/
Title: reported

Search URL Search Domain Scan URL

URL: https://blog.checkpoint.com/2022/01/10/check-point-research-cyber-attacks-increased-50-year-over-year/
Title: reported

Search URL Search Domain Scan URL

URL: https://www.vmware.com/security/advisories/VMSA-2021-0028.html
Title: VMware Horizon

Search URL Search Domain Scan URL

URL: https://kb.vmware.com/s/article/87073
Title: released

Search URL Search Domain Scan URL

URL: https://www.huntress.com/blog/cybersecurity-advisory-vmware-horizon-servers-actively-being-hit-with-cobalt-strike
Title: flagged

Search URL Search Domain Scan URL

URL: https://twitter.com/GossiTheDog/status/1484145056198053891
Title: attacks

Search URL Search Domain Scan URL

URL: https://digital.nhs.uk/cyber-alerts/2022/cc-4002
Title: installed web shells

Search URL Search Domain Scan URL

URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/29124520/attack-horizon-e1648572335942.jpg

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/en_us/research/21/i/cryptominer-z0miner-uses-newly-discovered-vulnerability-cve-2021.html
Title: found

Search URL Search Domain Scan URL

URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/29155214/Base64_encoded_blob-e1648583546965.jpg

Search URL Search Domain Scan URL

URL: https://u7061146.ct.sendgrid.net/ls/click?upn=4tNED-2FM8iDZJQyQ53jATUeZY5vOK6hHL-2FZQIhe5-2B4JVOehUh4Rb8p3ey37Q9OVEIiWGDSjejxPvkb8ovY0h-2FaWB9dvcXCl3SBCFSEuV5tcRGFsPYlsbDvD-2BUBbuZrpjG-2F3o76yv-2FjW7fnR-2BbuAqcTKlC8Ql3vteVWIz1-2F4jQ39BlDgn8Ze7x-2FjjxdfusIUCoWeHw_q07lK5GAAVvAnbc-2Fr-2FBDhAPhoMvwzp-2Bdh4wgfTcF0AUhu01ZMXdKNJrsN0iCyDU7ehW0N22Ype9yCK1TM6XYzQ9CpkZyf7pccI4YxuRF0BJuYEbml5ScFK0-2F-2FZqd-2FdTf4msXI8najxJ51o4YJVhtdqJKuSTmaXDsB1uynL70vmZixJBnwPhKCug0sz-2BmD22NzQdTPN5KP9W-2FB8FFI76ksSSNzbmCCaVViVDpzZ8413vH2SK7hoc-2F9PgDFHE5nPDuAWqJnV7-2B1m3omM9hPkKC6f0TGhlnK7L2Rm0UV3m4RfnEylMOpa8zOk3ZpTlH4NHB441qOzaGmeusjrgk12h1-2FHBCuMABwcfwmdXp6d8OUxE-3D
Title: report

Search URL Search Domain Scan URL

URL: https://u7061146.ct.sendgrid.net/ls/click?upn=4tNED-2FM8iDZJQyQ53jATUemyDumHlbVHpjKINAYc3Jk-3DThvL_q07lK5GAAVvAnbc-2Fr-2FBDhAPhoMvwzp-2Bdh4wgfTcF0AUhu01ZMXdKNJrsN0iCyDU7ehW0N22Ype9yCK1TM6XYzQ9CpkZyf7pccI4YxuRF0BJuYEbml5ScFK0-2F-2FZqd-2FdTf4msXI8najxJ51o4YJVhtdqJKuSTmaXDsB1uynL70vmZixJBnwPhKCug0sz-2BmD22NzQdTPN5KP9W-2FB8FFI76ksRzfCH77Y1C4pRGOycTIJafHsN-2B4KnSygPf4489ZnosIN0CloPhQCESwF4k9NfwdKmZsgKHx6JGWXjEVL3UpRuh84NABjevUYJLlxFeyFD2KR14VLhnCySOfOl1QNCbp-2F2Vu3lWjuUOLb0td2Dh5r3I-3D
Title: Gurucul

Search URL Search Domain Scan URL

URL: https://bit.ly/3Jy6Bfs
Title: FREE downloadable eBook

Search URL Search Domain Scan URL

URL: https://akismet.com/privacy/
Title: Learn how your comment data is processed

Search URL Search Domain Scan URL

URL: https://t.co/BPJICAG9rN
Title: https://t.co/BPJICAG9rN

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost
Title: Follow @threatpost

Search URL Search Domain Scan URL

URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/12/09015533/ThreatpostMK_TEMPLATE.pdf
Title: Advertise With Us

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 45

https://cd.connatix.com/connatix.player.js HTTP 302
https://cds.connatix.com/p/157383/connatix.player.dc.js

Request Chain 93

https://cm.everesttech.net/cm/dd?d_uuid=31216196506237851593199361533659695829 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YksC-wAAAHsVCAQA

Request Chain 183

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1649083138091&url=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1649083138091%26url%3Dhttps%253A%252F%252Fthreatpost.com%252Flog4jshell-swarm-vmware-servers-miners-backdoors%252F179142%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1649083138091&url=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1649083138091&url=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&liSync=true&e_ipv6=AQLxfqNghEgeoQAAAX_1A7-u9hD9yABJLQ__oTfIKyIBniTzPhgDwMi2W0Uxy26KxesD7_KuyQCF6TT8dTOEomi5rWAbPw

Request Chain 187

https://9582686.fls.doubleclick.net/activityi;src=9582686;type=globalc;cat=globa0;ord=9027629594759;gtm=2od3u0;auiddc=457431537.1649083138;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F;u6=;u7=26686259351274717732467004971664565391-414288784.1649083137;u9=_log4jshell-swarm-vmware-servers-miners-backdoors_179142_;~oref=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F HTTP 302
https://9582686.fls.doubleclick.net/activityi;dc_pre=CKPa5LTR-vYCFQ3eGwod4JsIHA;src=9582686;type=globalc;cat=globa0;ord=9027629594759;gtm=2od3u0;auiddc=457431537.1649083138;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F;u6=;u7=26686259351274717732467004971664565391-414288784.1649083137;u9=_log4jshell-swarm-vmware-servers-miners-backdoors_179142_;~oref=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F

Request Chain 242

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMEf7dQG7ol9Py0mOaf-1Dg&google_cver=1&gdpr=0 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMEf7dQG7ol9Py0mOaf-1Dg&google_cver=1&gdpr=0&C=1

Request Chain 243

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D0%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=YksDBIYFreWLoXXsueWyFAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMEf7dQG7ol9Py0mOaf-1Dg&google_cver=1&gdpr=0

Request Chain 244

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0 HTTP 302
https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEG-tVY1GQWQj16K327k_4YM&google_cver=1

Request Chain 245

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzAxNzMyNDY1MDU5OTI5OTIzMg%3D%3D

Request Chain 246

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENhJzeyum4yeQo9-knoBd0g&google_cver=1&gdpr=0

Request Chain 247

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&gdpr=0&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDIyNjlkZTQtOWVkNi0yOWI5LWM4NmEtMmU0ODY3MmI5NWNj

Request Chain 248

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm&gdpr=0 HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESECfqkDCig1eRflL_Uh3t1K0&google_cver=1&gdpr=0

Request Chain 264

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=_ohSrXxyOHhxVCtPNWxaYWQrUW1HUm0xVlZjeWJwOVdtZko4YnNJWDhHQUdCalBieFpnb2sxOFZUbTJUQ1MrVzBEeXpFUElSMUdkOVBoaVB6Z29QK1VubjcyTy9wSUZTUFpsaFlza1hXTmVjK2FOc09jQjYwVkJ5VkhxdjZkTlVPaklkeUNMaG5SdWpVN2c5NmFNTUFXUUNhUVh0V2tOYklzZWNEZXJQYTY1RTFFQlc4N0svTUNNSVREYWRYb3Rmam02QTFjaHhHck8vY2Nya1BSaHJPcWJuT2VoSStzL2NrOUtvZjNwcC85ZThpTnE4PXw&cppv=2

Request Chain 279

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=620d624b-0303-4f00-a88b-a338aac875b9

Request Chain 280

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=ALSFMwa1gWEbsoMwVLWcMA-1hWQbv9dkD7HZ7rFi

Request Chain 281

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2816406467213944867

Request Chain 284

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENhJzeyum4yeQo9-knoBd0g&google_cver=1

Request Chain 285

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=613a624b-0304-4300-ab1f-1c2ce15bc642

Request Chain 286

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=ALSFMwa1gWEbsoMwVLWcMA-1hWQbv9dkD7HZ7rFi

Request Chain 287

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5535059824318979941

Request Chain 290

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENhJzeyum4yeQo9-knoBd0g&google_cver=1

Request Chain 298

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 309

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEB-54P075eJAGj-S4bK8xnE&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEB-54P075eJAGj-S4bK8xnE&google_cver=1&__user_check__=1&sync_id=f7900ea9-b424-11ec-be73-1d37f49c0306

Request Chain 310

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=f7901c8e-b424-11ec-ad3a-14604df00306 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Zjc5MDFjNTMtYjQyNC0xMWVjLWFkM2EtMTQ2MDRkZjAwMzA2

Request Chain 311

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_dbm&_origin=1 HTTP 302
https://pixel.advertising.com/ups/55946/sync?uid=CAESEMQqrsYJJELTFV-TyPfEsPQ&_origin=1&google_cver=1 HTTP 302
https://pixel.advertising.com/ups/55946/sync?uid=CAESEMQqrsYJJELTFV-TyPfEsPQ&_origin=1&google_cver=1&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEMQqrsYJJELTFV-TyPfEsPQ&_origin=1&google_cver=1&apid=UPf78d2eef-b424-11ec-a461-02c4a1bc5354 HTTP 302
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEMQqrsYJJELTFV-TyPfEsPQ&_origin=1&google_cver=1&apid=UPf78d2eef-b424-11ec-a461-02c4a1bc5354&verify=true

Request Chain 312

https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true HTTP 302
https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UPf78d2eef-b424-11ec-a461-02c4a1bc5354 HTTP 302
https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UPf78d2eef-b424-11ec-a461-02c4a1bc5354&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVBmNzhkMmVlZi1iNDI0LTExZWMtYTQ2MS0wMmM0YTFiYzUzNTQ%3D

Request Chain 337

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECn3GRWWoGLmvTo4IG7OhTU&google_cver=1&google_push=AYg5qPKtFgc9lUR7Diz2NnDAb7jCEikF73xwppGydXCTzNhSRsliprqNBQB9RrnzO9UECk3cNFtt6V2Qvz8LEcM4TWQMuBsSvTg3 HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPKtFgc9lUR7Diz2NnDAb7jCEikF73xwppGydXCTzNhSRsliprqNBQB9RrnzO9UECk3cNFtt6V2Qvz8LEcM4TWQMuBsSvTg3&google_hm=TynzHA0n8IU9VLa7xAATqA

Request Chain 339

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENldudopZqpPrt8w53K6eYU&google_cver=1&google_push=AYg5qPIbafK9QDlwAbwxThFkNsAYMEKTBjJQ-5uXl3v78tG9FofUO3enyor7aRVInDAMiQYnbHb1IJeC3waV0PuKqvVnuXnfvZOH HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENldudopZqpPrt8w53K6eYU&google_cver=1&google_push=AYg5qPIbafK9QDlwAbwxThFkNsAYMEKTBjJQ-5uXl3v78tG9FofUO3enyor7aRVInDAMiQYnbHb1IJeC3waV0PuKqvVnuXnfvZOH&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=wPNN6HwERwS4i01WDZfwIQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIbafK9QDlwAbwxThFkNsAYMEKTBjJQ-5uXl3v78tG9FofUO3enyor7aRVInDAMiQYnbHb1IJeC3waV0PuKqvVnuXnfvZOH

Request Chain 340

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJzY0o2MplYujvkEpMx2LTE&google_cver=1&google_push=AYg5qPLExu0OjX4MPvFFLo3afB0rkQ2UqR92sX1eKE6Ki5xCUAmZgxze9topngcisAPo4rJD6EcNMMGmoDxZfDfsspvyepzWvwhl HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFLVElSUVEtSC1BRkpS&google_push=AYg5qPLExu0OjX4MPvFFLo3afB0rkQ2UqR92sX1eKE6Ki5xCUAmZgxze9topngcisAPo4rJD6EcNMMGmoDxZfDfsspvyepzWvwhl

Request Chain 341

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU&google_cver=1&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU

Request Chain 362

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 368

https://sync.serverbid.com/ss/2000891.html HTTP 302
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Request Chain 372

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=bbCHfU671NBnRc5

Request Chain 373

https://x.bidswitch.net/sync?ssp=openx HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=openx HTTP 302
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=c3a5455c-a691-4fce-9c0d-6ef0dd768474&ssp=openx&gdpr=&gdpr_consent=

Request Chain 374

https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=7017324650599299232

Request Chain 375

https://match.prod.bidr.io/cookie-sync/ox HTTP 303
https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFGUFVFN0VsZ1lBQURZWE5aRGx6Zw&bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAFPUE7ElgYAADYXNZDlzg&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpp%252Cox%26bee_sync_current_partner%3Dpm%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpp%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2 HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAFPUE7ElgYAADYXNZDlzg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID

Request Chain 378

https://eb2.3lift.com/ebda?sync=1&gdpr=1&cmp_cs= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzAzMzUzMzAzMjY0NzY0MzI4NjYyNQ%3D%3D

Request Chain 380

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzAzMzUzMzAzMjY0NzY0MzI4NjYyNQ%3D%3D

Request Chain 382

https://pr-bh.ybp.yahoo.com/sync/triplelift/3033533032647643286625?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2662&xuid=y-Vj33FTVE2oR_PQfWNJW90qvWPnWZXoc7QJQ5jQJC9Q--~A&dongle=0883

Request Chain 385

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=3033533032647643286625 HTTP 302
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=3033533032647643286625&dcc=t

Request Chain 386

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1

Request Chain 393

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
https://ads.servenobid.com/sync?pid=312&uid=7017324650599299232

Request Chain 394

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
https://ads.servenobid.com/sync?pid=310&uid=a6a0b6e82264d0d69e00062c

Request Chain 396

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1649083143295 HTTP 302
https://ads.servenobid.com/sync?pid=321&uid=OPTOUT

Request Chain 397

https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
https://ads.servenobid.com/sync?pid=324&uid=5140084920359864151

Request Chain 399

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
https://ads.servenobid.com/sync?pid=327&uid=205df589-d6b1-4bcd-9246-27c517b23db5&gdpr=0&gdpr_consent=&us_privacy=1YN-

Request Chain 400

https://ups.analytics.yahoo.com/ups/58559/occ HTTP 302
https://ads.servenobid.com/sync?pid=337&uid=y-lCoAacdE2uF4PIgXxua2mm2GZg8zplVkLldCi78-~A

Request Chain 401

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YksDBIYFreWLoXXsueWyFAAABKEAAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&dcc=t

Request Chain 408

https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E&gdpr=1 HTTP 302
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=de245464-ce81-a966-9bb8442d

Request Chain 410

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
https://rtb.gumgum.com/usersync?b=apn&i=7017324650599299232

Request Chain 411

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_726c0f2d-36ea-41a4-b055-fd32f5107dfb&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=c3a5455c-a691-4fce-9c0d-6ef0dd768474 HTTP 302
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=c3a5455c-a691-4fce-9c0d-6ef0dd768474 HTTP 302
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=48291d83-92ba-493f-9864-fc0a78520a54&user_group=1&ssp=gumgum2&bsw_param=c3a5455c-a691-4fce-9c0d-6ef0dd768474 HTTP 302
https://rtb.gumgum.com/usersync?b=bsw&i=c3a5455c-a691-4fce-9c0d-6ef0dd768474

Request Chain 412

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28kiat4sEtewo-KURyBytF7LgWMLfHQ5gi41ngN_8iEaFHqnmGmuA0Am9NK-TJv2Ka%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28kiat4sEtewo-KURyBytF7LgWMLfHQ5gi41ngN_8iEaFHqnmGmuA0Am9NK-TJv2Ka%29 HTTP 302
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_726c0f2d-36ea-41a4-b055-fd32f5107dfb&obuid=ENC(kiat4sEtewo-KURyBytF7LgWMLfHQ5gi41ngN_8iEaFHqnmGmuA0Am9NK-TJv2Ka) HTTP 302
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&redirect=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Drise%26uid%3D%5BpartnerId%5D%26obUid%3Dkiat4sEtewo-KURyBytF7LgWMLfHQ5gi41ngN_8iEaFHqnmGmuA0Am9NK-TJv2Ka%26gdpr%3D%24GDPR_APPLIES%26gdpr_consent%3D%24CONSNT_STRING

Request Chain 413

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=opx&i=9974ea5e-7fb4-4f4b-baf1-641c65995aea

Request Chain 414

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=sta&i=0-bff119f1-decd-411d-6f93-4e2d7044401d$ip$217.64.151.9

Request Chain 415

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=oth&i=y-rnrcOgBE2pc.BKpXUaGq6dfy6jOXdq1iHFW1~A

Request Chain 416

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=vnt&i=f8bab27a-b424-11ec-b297-832d259745f8

Request Chain 419

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_726c0f2d-36ea-41a4-b055-fd32f5107dfb&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://stags.bluekai.com/site/23178?id=Wvnl_dgpV09Y7gTjL88H&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2V3WNZWF6ZDHOBLDAOKZG5TVI2SMHA4EQJTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1--- HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2V3WNZWF6ZDHOBLDAOKZG5TVI2SMHA4EQJTVONPXA4TJOZQWG6J5GEWS2LI HTTP 302
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=Wvnl_dgpV09Y7gTjL88H&us_privacy=1---

Request Chain 420

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://usersync.gumgum.com/usersync?b=idi&i=bf8628ed-a1d0-44a5-b84c-83296fb9e707

Request Chain 421

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/floor6?zcc=1&cb=1649083142311

Request Chain 422

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
https://rtb.gumgum.com/usersync?b=pln&i=kYC031P2n8y5&ev=1&pid=558355

Request Chain 425

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
https://rtb.gumgum.com/usersync?b=mmh&i=613a624b-0304-4300-ab1f-1c2ce15bc642&gdpr=0&gdpr_consent=

Request Chain 426

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=atm&i=YksC-wAAAHsVCAQA&gdpr=0&gdpr_consent=

Request Chain 429

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=ttd&i=56c64d6a-ae00-4926-ae6f-e73bea6241af&t=1651675142

Request Chain 430

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
https://eus.rubiconproject.com/usync.html?p=gumgum

Request Chain 431

https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent= HTTP 302
https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID HTTP 302
https://cs.emxdgt.com/umcheck?apnxid=7017324650599299232&redirect=https://usersync.gumgum.com/usersync?b=emx&i=$EMXUID HTTP 302
https://usersync.gumgum.com/usersync?b=emx&uid=7017324650599299232brt201261649083142371530f1

Request Chain 432

https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
https://rtb.gumgum.com/usersync?b=sus&i=YksDBsCo8YQAAJH2ng4AAAAA

Request Chain 433

https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
https://rtb.gumgum.com/usersync?b=rth&i=utWF8ZYrCiZqaPlmyHE5&pi=gumgum&tc=1

Request Chain 435

https://match.adsrvr.org/track/cmf/generic?ttd_pid=smart-adserver&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=smart-adserver&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=75&issi=1&partneruserid=7f0abd6a-1fa3-418c-99fb-344c195a3f4e&gdpr=1&gdpr_consent=

Request Chain 436

https://sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/smartadserver?zcc=1&cb=1649083142330 HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=OPTOUT

Request Chain 437

https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent= HTTP 302
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=2816406467213944867&gdpr=0&gdpr_consent=

Request Chain 438

https://sync.tidaltv.com/genericusersync.ashx?dpid=3157&gdpr=0&gdpr_consent= HTTP 302
https://sync.tidaltv.com/genericusersync.ashx?dpid=3157&gdpr=0&gdpr_consent=&s_h=1 HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=96&partneruserid=7b76632d-07ae-438d-9b72-94ecb3d98783&gdpr=0&gdpr_consent=

Request Chain 440

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L1KTIRQQ-H-AFJR&sigv=1&esig=2~8a68af6d4586aae9680cfe121ad9138e6ba92208

Request Chain 441

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L1KTIRQQ-H-AFJR

Request Chain 442

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MGMwNjMzYmUwODhlMGJhZGU2ODNjZmU0YzE1ZDI3NzNmNTE3Mjk1Ng

Request Chain 444

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/aFYYHE31p7n0giL_gGqAAg?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=3716779519947541492

Request Chain 445

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFLVElSUVEtSC1BRkpS

Request Chain 446

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=13wyoVL-Tc2R1gPaQVwlfQ&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=13wyoVL-Tc2R1gPaQVwlfQ

Request Chain 449

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17632&endpoint=us-east HTTP 301
https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east

Request Chain 453

https://ib.adnxs.com/getuid?https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D28%26userId%3D%24UID HTTP 302
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=7017324650599299232

Request Chain 454

https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D HTTP 302
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=YksDBIYFreWLoXXsueWyFAAA%261185

Request Chain 455

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D24%26userId%3D%24UID HTTP 307
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=24&userId=a6a0b6e82264d0d69e00062c

Request Chain 457

https://pixel.advertising.com/ups/56621/occ HTTP 302
https://ups.analytics.yahoo.com/ups/56621/occ?apid=UPf78d2eef-b424-11ec-a461-02c4a1bc5354 HTTP 302
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UPf78d2eef-b424-11ec-a461-02c4a1bc5354

Request Chain 458

https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dco%26nuid%3D HTTP 302
https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-0f8574af-8540-4539-bcf9-99d2fa4be766

Request Chain 459

https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fi.liadm.com%2Fs%2F56939%3Fbidder_id%3D203802%26bidder_uuid%3D HTTP 302
https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-0f8574af-8540-4539-bcf9-99d2fa4be766 HTTP 303
https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-0f8574af-8540-4539-bcf9-99d2fa4be766&_li_chk=true&previous_uuid=a4c5ce24128546f49abe57cb9e6dd515 HTTP 303
https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-0f8574af-8540-4539-bcf9-99d2fa4be766

462 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ 98 KB
27 KB 393ms
193ms Document
text/html 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

238061d07939050aa57e683993b5cb59c2c55eb278f6841bd44ea9082d2f4ae1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Connection: close
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 Apr 2022 14:38:53 GMT
Link: <https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/wp-json/wp/v2/posts/179142>; rel="alternate"; type="application/json" <https://threatpost.com/?p=179142>; rel=shortlink
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Debug-Auth: off
X-Frame-Options: SAMEORIGIN
X-Request-Host: threatpost.com
X-XSS-Protection: 1; mode=block
x-cache-hit: HIT

GET
H/1.1 200
OK museosans-900italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
15 KB 389ms
196ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854

Request headers

Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:38:54 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: "624ab72d-3ca8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 15528

GET
H/1.1 200
OK museosans-900-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 385ms
193ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398

Request headers

Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:38:54 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:28 GMT
Server: nginx
ETag: "624ab730-5124"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20772

GET
H/1.1 200
OK museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 386ms
192ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:38:54 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:28 GMT
Server: nginx
ETag: "624ab730-3dcc"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 15820

GET
H/1.1 200
OK museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 387ms
192ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:38:54 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: "624ab72d-51a4"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20900

GET
H/1.1 200
OK museosans-500italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 388ms
194ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4

Request headers

Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:38:54 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:28 GMT
Server: nginx
ETag: "624ab730-5c74"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 23668

GET
H/1.1 200
OK museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 388ms
193ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:38:54 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:28 GMT
Server: nginx
ETag: "624ab730-5194"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20884

GET
H/1.1 200
OK museosans-300italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 774ms
195ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189

Request headers

Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:38:54 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: "624ab72d-5bac"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 23468

GET
H/1.1 200
OK museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 772ms
194ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:38:54 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:28 GMT
Server: nginx
ETag: "624ab730-51b8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20920

GET
H/1.1 200
OK museosans-100italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 774ms
192ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c

Request headers

Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:38:54 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:28 GMT
Server: nginx
ETag: "624ab730-5b34"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 23348

GET
H/1.1 200
OK museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
20 KB 774ms
194ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:38:54 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: "624ab72d-50c8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 20680

GET
H2 200 op.js Show response
tagan.adlightning.com/math-aids-threatpost/ 44 KB
18 KB 61ms
18ms Script
application/javascript 108.157.4.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-6.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4d94a0f51bade076fa154e469f12563fcee377fd94d79ca6d080d231e0e8b1d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id: HkG2Wiu3pjH4_E8Lal0CHGT1z3YrEXeV
content-encoding: gzip
etag: "c4d48c8dc1b5ae975f43aaa90c2be257"
age: 2734
x-cache: Hit from cloudfront
content-length: 18353
x-amz-meta-git_commit: 7b120a5
last-modified: Sat, 02 Apr 2022 00:32:20 GMT
server: AmazonS3
date: Mon, 04 Apr 2022 13:53:22 GMT
content-type: application/javascript
via: 1.1 f97c9082b750957571bc7e3354a4f4a4.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
x-amz-cf-id: 0p9jqfpRNfjMDRnjBKbY075z1ADE8ZF6DSeM_yxfhO1l3PoyV_ELOg==

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 83 KB
28 KB 53ms
16ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a458687751e48d0f34909564714e7c6dd152c0bef1e10c7c78d3f0d8a2ba1b91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28412
x-xss-protection: 0
server: sffe
etag: "1177 / 933 of 1000 / last-modified: 1649070439"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 04 Apr 2022 14:38:55 GMT

GET
H2 200 ros-layout.js Show response
qd.admetricspro.com/js/threatpost/ 26 KB
4 KB 100ms
33ms Script
application/javascript 2606:4700:3030::ac43:cf70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a647d79b31b4b19f30c795aac862bcf5b424731c732e239775127b8ac4aae0a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 362
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 09 Mar 2022 04:05:55 GMT
server: cloudflare
etag: W/"67e2-5d9c136d2119a-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GMj49DgiB%2B0b1%2Bltph%2Bzx7lb47SFeEvXg29lSciEPRCpwCRPRessZ9b1xMpL6z7oBy0QmZ5Wk%2FGMELpVsu6sTsrA8PaMWSJvx4lW0ws35Co9hxvr3b1YK6zw6igfIoQMODXcLc1ZXYOKl1U3tYFCpmwf"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6f6aca531e0941fc-MRS
expires: Mon, 04 Apr 2022 14:40:31 GMT

GET
H2 200 cmp.js Show response
qd.admetricspro.com/js/threatpost/ 310 KB
90 KB 53ms
42ms Script
application/javascript 2606:4700:3030::ac43:cf70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 72
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 01 Jun 2021 14:47:10 GMT
server: cloudflare
etag: W/"4d957-5c3b56abf6028-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LqS6FMVWaULx7a77WJ2mFzvW3rJapXzUJo5DrpwGBtUzIh0o%2Fmen%2F5lCn77y71zBEy9RRIK4A8aIeHQ5ixlqAeweV5YvtAqhwZXyXYqcu3Z7gXf0D31QV31aovAPuh4btz2DGuL2JX6jqmaMcjHxpk8m"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6f6aca5a2a7e41fc-MRS
expires: Mon, 04 Apr 2022 14:39:38 GMT

GET
H2 200 uspcmp.js Show response
qd.admetricspro.com/js/threatpost/ 148 KB
58 KB 76ms
65ms Script
application/javascript 2606:4700:3030::ac43:cf70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 72
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 08 Aug 2020 22:40:07 GMT
server: cloudflare
etag: W/"24e50-5ac65673cef1c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vP5VgAXBtiSY3636D0%2B9iDPC6BlACnxG6NycaJ%2BXK30S3%2FbyyJwC%2FhZ%2B3GP7pur9jJDaYmgr9I2SkYtEpntOA0TBcwBUDPEgCk8plFTTBAu6rX14MkTMnnJGCb1IAmh%2BRnBq2FlsGz54DHZYxpNHAy1c"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6f6aca5a2a8141fc-MRS
expires: Mon, 04 Apr 2022 14:39:42 GMT

GET
H2 200 targeting.js Show response
qd.admetricspro.com/js/threatpost/ 393 B
551 B 43ms
33ms Script
application/javascript 2606:4700:3030::ac43:cf70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/targeting.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 72
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 21:50:12 GMT
server: cloudflare
etag: W/"189-5c8c2c96f96c7-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1IhYuTfrQ5FDZ1adfgf9edpSN6uanKrOqazyp3amlEiWdxjtdgFYBqbhdBb4eaIg7gK5TAf9pwnkNrW0OxuR%2BgVaMMnTCnPqeqVTn4A%2FZcYjNgwqHMsHqV71nlUTmZbnPd%2F05FCdedNX3nXqRV82wPUz"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6f6aca5a2a8341fc-MRS
expires: Mon, 04 Apr 2022 14:39:16 GMT

GET
H2 200 prebid.js Show response
qd.admetricspro.com/js/threatpost/ 430 KB
124 KB 74ms
65ms Script
application/javascript 2606:4700:3030::ac43:cf70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8c03fd4dea0f2c83fa05b10dfd913bfcff51d05e0c6e84b7f340b857fdda517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 72
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 14 Oct 2021 15:35:01 GMT
server: cloudflare
etag: W/"6b738-5ce51d26ef74c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rdGeCDHnpzS%2BBNU%2FCcL53L0I%2FgzDThL1lH6UZHa0ldDw6ieHb4aG9ZDO2eys9HxcJQVd0%2BWP48IOqRuDSnbFG6ij0u2jMyGZSlbluTQWfbyIKGsbiQypFSHbYSF6%2BYHPBYVleD8%2FDAGx9wperzQtT%2BUR"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6f6aca5a2a8641fc-MRS
expires: Mon, 04 Apr 2022 14:40:36 GMT

GET
H2 200 engine.js Show response
qd.admetricspro.com/js/threatpost/ 35 KB
11 KB 102ms
36ms Script
application/javascript 2606:4700:3030::ac43:cf70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/engine.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 362
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 24 Jan 2022 02:31:38 GMT
server: cloudflare
etag: W/"8cae-5d64ac49b9c1c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yZy1Zx0CV9slr3vlxSIHI%2Bfw1eohjaPFPzuacNNzypUc0D1fIM0SePLZv858mYsMnX1MrMLUIG4l5%2FH1sQ1OqOYpKNuVjzOJidEdFOAbLotEL8S1UKOlqLH%2Fnz67tLvF9Po3VUaZDDfBarMCg6aRp0%2F%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 6f6aca531e0c41fc-MRS
expires: Mon, 04 Apr 2022 14:40:36 GMT

GET
H2 200 /
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 294 KB
42 KB 487ms
454ms Stylesheet
text/css 2600:9000:2057:1c00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:1c00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:54 GMT
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
content-length: 42696
x-cache-hit: HIT
last-modified: Mon, 04 Apr 2022 09:15:26 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: 9sQqrhBblbHaMi_B8_Sq-ZL97IuSD3GfTCUMC7CjQ6H_246Vb80hxA==
expires: Tue, 05 Apr 2022 09:18:00 GMT

GET
H/1.1 200
OK jquery-1.12.4-wp.js Show response
threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/ 95 KB
37 KB 774ms
194ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 14:38:54 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: W/"624ab72d-17a56"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 14:38:54 GMT

GET
H/1.1 200
OK alert_text.js Show response
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/ 107 B
461 B 679ms
98ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js?ver=1649063725
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 14:38:54 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: W/"624ab72d-6b"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 14:38:54 GMT

GET
H/1.1 200
OK alert.js Show response
threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/ 4 KB
2 KB 970ms
97ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js?ver=1649063725
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 14:38:54 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:27 GMT
Server: nginx
ETag: W/"624ab72f-104a"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 14:38:54 GMT

GET
H/1.1 200
OK public.js Show response
threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/ 116 B
495 B 1061ms
98ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/honeypot-comments/public/assets/js/public.js?ver=1.0.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 14:38:54 GMT
Content-Encoding: gzip
Last-Modified: Wed, 11 Jun 2014 19:20:42 GMT
Server: nginx
ETag: W/"5398ac0a-74"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 14:38:54 GMT

GET
H/1.1 200
OK kaspersky-twitter-pullquote.js Show response
threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/ 599 B
713 B 1064ms
97ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js?ver=1.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 14:38:54 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:27 GMT
Server: nginx
ETag: W/"624ab72f-257"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 14:38:54 GMT

GET
H/1.1 200
OK loadmore.js Show response
threatpost.com/wp-content/themes/threatpost-2018/assets/js/ 4 KB
2 KB 1068ms
100ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/loadmore.js?ver=5.9.2
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 14:38:54 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:26 GMT
Server: nginx
ETag: W/"624ab72e-11e7"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 14:38:54 GMT

GET
H/1.1 200
OK social-share.js Show response
threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/ 18 KB
6 KB 1161ms
192ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js?ver=1.0.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 14:38:54 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: W/"624ab72d-484d"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 14:38:54 GMT

GET
H2 200 mosquito-scaled-e1648585357672.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2022/03/29162217/ 43 KB
43 KB 43ms
8ms Image
image/jpeg 2600:9000:214f:6800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/29162217/mosquito-scaled-e1648585357672.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 53f6440548312e912300ca5fafa1cba39283dca8ba7c84e4a6a8ace656b95adb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 20:33:16 GMT
via: 1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront), 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
last-modified: Tue, 29 Mar 2022 20:22:38 GMT
server: AmazonS3
age: 497140
etag: "d988a13058f3c755c254a7e440a97ce0"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA53-C1
accept-ranges: bytes
content-length: 43776
x-amz-cf-id: CGm88WPW0nnTzK0z7wyFE3dIqnE_zfcAfuv5HKgFwMUDjGeWnGqT-w==
expires: Wed, 29 Mar 2023 20:22:37 GMT

GET
H2 200 infosec_insiders_in_article_promo.png
media.threatpost.com/wp-content/uploads/sites/103/2021/07/10165815/ 20 KB
20 KB 39ms
8ms Image
image/png 2600:9000:214f:6800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/07/10165815/infosec_insiders_in_article_promo.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bbe4e4e4e847a32bd717d963f0ac04b619a7a9cdd631a7454d9dfec16fbae73f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 04 Jan 2022 23:44:31 GMT
via: 1.1 985c0b2ec44bdebc7f24f26d1e427d31.cloudfront.net (CloudFront), 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
last-modified: Tue, 10 Aug 2021 20:58:17 GMT
server: AmazonS3
age: 7743265
etag: "101ba02c43488b8b07cf42f9aa850f6a"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2, FRA53-C1
accept-ranges: bytes
content-length: 20484
x-amz-cf-id: klnQy2h56shvOMuMo05hSphmV_YsP_o3Rv7bMaSdris9p1yzemFBVg==
expires: Wed, 10 Aug 2022 20:58:15 GMT

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 852 B
575 B 38ms
17ms Script
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=en&render=explicit

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8fb4a4f4521a94032afdb851a8612f898a1e8a40705d06df03ddfa932d3ca274

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 554
x-xss-protection: 1; mode=block
expires: Mon, 04 Apr 2022 14:38:55 GMT

GET
H/1.1 200
OK scripts.js Show response
kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/ 2 KB
1 KB 306ms
99ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://kasperskycontenthub.com/threatpost-global/wp-content/plugins/kaspersky-embeds/js/scripts.js?ver=1.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 14:38:55 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: W/"624ab72d-828"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 14:38:55 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 852 B
970 B 41ms
15ms Script
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

68cc26362c0cc4baa161311ed8f92a440624b120f844cecef402a4c7f94bf39d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 557
x-xss-protection: 1; mode=block
expires: Mon, 04 Apr 2022 14:38:55 GMT

GET
H/1.1 200
OK main.js Show response
threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/ 3 KB
1 KB 290ms
97ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/main.js?ver=202124050927
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 14:38:55 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:27 GMT
Server: nginx
ETag: W/"624ab72f-ab4"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 14:38:55 GMT

GET
H2 200 s_code_single_suite.js Show response
media.kaspersky.com/tracking/omniture/ 172 KB
48 KB 93ms
28ms Script
application/javascript 185.85.15.31
KL-EXT

General

Check archive.org

Show headers Download Go to

Full URL

https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.2

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

TLS 1.3, , CHACHA20_POLY1305

Server

185.85.15.31 , Germany, ASN200107 (KL-EXT, CH),

Reverse DNS

Software

/ Kaspersky Labs, Kaspersky Labs

Resource Hash

9e89048f0456e3b02cedb7cf76410b3576a32bad0f1cc024640f01e1339b3a71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
etag: "8044e984f147d81:0"
x-powered-by: Kaspersky Labs, Kaspersky Labs
alt-svc: h3=":443"; ma=86400
content-length: 49271
x-xss-protection: 1; mode=block
last-modified: Mon, 04 Apr 2022 06:59:25 GMT
server
x-frame-options: SAMEORIGIN
date: Mon, 04 Apr 2022 14:38:54 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
x-server: fr2/FRA4
accept-ranges: bytes
x-content-type-options: nosniff

GET
H/1.1 200
OK main.js Show response
threatpost.com/wp-content/themes/threatpost-2018/assets/js/ 114 KB
40 KB 391ms
195ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/js/main.js?ver=202107061113
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 14:38:55 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:28 GMT
Server: nginx
ETag: W/"624ab730-1c643"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 14:38:55 GMT

GET
H/1.1 200
OK regenerator-runtime.min.js Show response
threatpost.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 294ms
97ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 14:38:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Mar 2022 00:51:39 GMT
Server: nginx
ETag: W/"622a9d1b-195e"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 14:38:55 GMT

GET
H/1.1 200
OK wp-polyfill.min.js Show response
threatpost.com/wp-includes/js/dist/vendor/ 19 KB
8 KB 296ms
99ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 14:38:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Mar 2022 00:51:39 GMT
Server: nginx
ETag: W/"622a9d1b-4b3d"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 14:38:55 GMT

GET
H/1.1 200
OK dom-ready.min.js Show response
threatpost.com/wp-includes/js/dist/ 1 KB
989 B 297ms
97ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/dom-ready.min.js?ver=ecda74de0221e1c2ce5c57cbb5af09d5
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 14:38:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Mar 2022 00:51:39 GMT
Server: nginx
ETag: W/"622a9d1b-4e9"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 14:38:55 GMT

GET
H/1.1 200
OK hooks.min.js Show response
threatpost.com/wp-includes/js/dist/ 6 KB
2 KB 300ms
97ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/hooks.min.js?ver=1e58c8c5a32b2e97491080c5b10dc71c
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 14:38:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Mar 2022 00:51:39 GMT
Server: nginx
ETag: W/"622a9d1b-163a"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 14:38:55 GMT

GET
H/1.1 200
OK i18n.min.js Show response
threatpost.com/wp-includes/js/dist/ 10 KB
4 KB 294ms
101ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 14:38:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Mar 2022 00:51:39 GMT
Server: nginx
ETag: W/"622a9d1b-28a7"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 14:38:55 GMT

GET
H/1.1 200
OK a11y.min.js Show response
threatpost.com/wp-includes/js/dist/ 3 KB
2 KB 292ms
99ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/dist/a11y.min.js?ver=68e470cf840f69530e9db3be229ad4b6
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 14:38:55 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Mar 2022 00:51:39 GMT
Server: nginx
ETag: W/"622a9d1b-bfd"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 14:38:55 GMT

GET
H/1.1 200
OK jquery.json.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 2 KB
1 KB 292ms
99ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 14:38:55 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: W/"624ab72d-730"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 14:38:55 GMT

GET
H/1.1 200
OK gravityforms.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 43 KB
15 KB 387ms
193ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 14:38:55 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:27 GMT
Server: nginx
ETag: W/"624ab72f-abe0"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 14:38:55 GMT

GET
H/1.1 200
OK conditional_logic.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 8 KB
3 KB 293ms
99ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/conditional_logic.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 14:38:55 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: W/"624ab72d-213f"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 14:38:55 GMT

GET
H/1.1 200
OK placeholders.jquery.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 5 KB
2 KB 292ms
99ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.5.16.3
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: public
Date: Mon, 04 Apr 2022 14:38:55 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Apr 2022 09:15:27 GMT
Server: nginx
ETag: W/"624ab72f-121f"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Mon, 11 Apr 2022 14:38:55 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 134 KB
36 KB 33ms
13ms Script
application/javascript 65.9.62.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/engine.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.62.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-62-173.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 3ef5bfd224e0baa902eb88c94979cfaeccf2169a996c601fa3de4c3f3b33da01

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id: .7apL996dsR_ZFPBtTTtY5SRaPfBf8DJ
content-encoding: gzip
etag: 4e3fad24a118a07cea7ce88b2721a583
age: 433
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 1HEQS87HBDM6JC36N1JZ
date: Mon, 04 Apr 2022 14:31:44 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 cae542650fb32c773cc494fc6e7e71e6.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: OByDLeYDRCP5ye4s8wvJl_qAbK3sYQxOKWbKP2mz1ycQiVEOnoXHzQ==

GET
H2

200

connatix.player.dc.js Show response
cds.connatix.com/p/157383/ Frame DA43
Redirect Chain

https://cd.connatix.com/connatix.player.js
https://cds.connatix.com/p/157383/connatix.player.dc.js

859 KB
200 KB

9ms
8ms

Script
application/javascript

151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/157383/connatix.player.dc.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: H2
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: b1ed25b06e9dc8a8fdf322a31ec753509f7f53a97907cb5048444d0c25361820

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:54 GMT
content-encoding: br
last-modified: Mon, 04 Apr 2022 13:23:09 GMT
age: 3020
etag: "ff75549e21d9f300a4fea22cf7adbe23"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 204822

Redirect headers

location: https://cds.connatix.com/p/157383/connatix.player.dc.js
date: Mon, 04 Apr 2022 14:38:54 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
accept-ranges: bytes
content-length: 0
access-control-max-age: 86400

GET
H2 200 hls.5b3b785f487abbe00eee.js
cds.connatix.com/p/157383/ Frame DA43 0
47 KB 7ms
6ms Other
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/157383/hls.5b3b785f487abbe00eee.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:54 GMT
content-encoding: br
last-modified: Mon, 04 Apr 2022 13:23:10 GMT
age: 3021
etag: "182f65d040bfb9544bd8f71472475672"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 48258

GET
H/1.1 200
OK / Show response
kasperskycontenthub.com/ 0
398 B 293ms
99ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=765934628&back=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:38:55 GMT
X-Content-Type-Options: nosniff
Server: nginx
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: application/javascript
x-cache-hit: HIT
Transfer-Encoding: chunked
X-Debug-Auth: off
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Request-Host: kasperskycontenthub.com
X-XSS-Protection: 1; mode=block

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 182 KB
60 KB 50ms
28ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

93eb07c110cb5ad90163c26468fbf7421062b3270835fd1da910ca41b44a3e06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61827
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 04 Apr 2022 14:38:55 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 503 KB
117 KB 20ms
19ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

40692d1435a1bcb1ae63668f273ccb2f80f9180ea8351014a76ceaccb15f92c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119632
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 04 Apr 2022 14:38:55 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/ 13 KB
13 KB 298ms
101ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:38:55 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:26 GMT
Server: nginx
ETag: "624ab72e-328e"
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 12942

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/ 13 KB
13 KB 294ms
100ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:38:55 GMT
Last-Modified: Mon, 04 Apr 2022 09:15:25 GMT
Server: nginx
ETag: "624ab72d-328e"
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Connection: close
Accept-Ranges: bytes
Content-Length: 12942

GET
H2 200 logo.png
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 19 KB
19 KB 366ms
366ms Image
image/png 2600:9000:2057:1c00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: public
date: Mon, 04 Apr 2022 14:38:55 GMT
via: 1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:25 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab72d-4a32"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 18994
x-amz-cf-id: YD3DtnPTKsKcIJkqeQnb3n-ndGAiVHOfpDMLIsJfTPmDeGsO0lnYmw==
expires: Mon, 11 Apr 2022 14:38:55 GMT

GET
H2 200 museosans-700-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 392ms
372ms Font
font/woff2 2600:9000:2057:1c00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
via: 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:25 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab72d-51a4"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20900
x-amz-cf-id: oUbUhqKqmctRc637oiTEBdMNNgta5UcG-6oR_0IvanwahhXEiEIm0w==

GET
H2 200 museosans-100-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 390ms
370ms Font
font/woff2 2600:9000:2057:1c00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
via: 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:28 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab730-50c8"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20680
x-amz-cf-id: 8eWPlUpVAQPn82a68VsFA3fu2HNtB8giUyaGK7dpYEjJcW7lNuNnjg==

GET
H2 200 museosans-300-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 393ms
373ms Font
font/woff2 2600:9000:2057:1c00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
via: 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:26 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab72e-51b8"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20920
x-amz-cf-id: lhNHwfw2IeHgC8YmQykUq_Ziv0ekTMT6dN7Bh6gMfxqgjSzGOLakVg==

GET
H2 200 museosans-500-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 365ms
365ms Font
font/woff2 2600:9000:2057:1c00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
via: 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:28 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab730-5194"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 20884
x-amz-cf-id: ClmIpF49MRuy9q6immthJ9DSSZs4SwgK8k8xPo_0dlS0bPkZGs5iOQ==

GET
H2 200 Lisa-Vaas-Headshot.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/05/05095532/ 18 KB
19 KB 15ms
8ms Image
image/jpeg 2600:9000:214f:6800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/05/05095532/Lisa-Vaas-Headshot.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1d5a65e5129df0b4c89e73f205c6cb89cba0cd1d8e21a1512ca76b769634052d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 26 Sep 2021 09:50:16 GMT
via: 1.1 018ffb575888f1c9ec960e3e977c042f.cloudfront.net (CloudFront), 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
last-modified: Tue, 25 May 2021 13:37:34 GMT
server: AmazonS3
age: 16433320
etag: "78f8fd88850c65941db84cb8bf0d741d"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2, FRA53-C1
accept-ranges: bytes
content-length: 18649
x-amz-cf-id: _yNWzA2BcDGT56B_WNB1GmW6mi5XXM8EIlmZaduFUgf8QVmqqmZTFw==
expires: Wed, 25 May 2022 13:37:32 GMT

GET
H2 200 museosans-500italic-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 363ms
363ms Font
font/woff2 2600:9000:2057:1c00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
via: 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:28 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab730-5c74"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 23668
x-amz-cf-id: 1723JhXJ9_69z3cW__PWOcgbAQD6T9R1uY0QJsWaaCpZGQb3IgeADA==

GET
H2 200 attack-horizon-e1648572335942.jpg
media.threatpost.com/wp-content/uploads/sites/103/2022/03/29124520/ 11 KB
12 KB 10ms
7ms Image
image/jpeg 2600:9000:214f:6800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/29124520/attack-horizon-e1648572335942.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9348552099a43c0139caafab45ef6413d7cefac6722387854ad3f360660fd2af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 20:33:18 GMT
via: 1.1 9015971351bc982a04ee209a022bb1f8.cloudfront.net (CloudFront), 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
last-modified: Tue, 29 Mar 2022 16:45:36 GMT
server: AmazonS3
age: 497138
etag: "eca883d1f4516d2ba4f04ea1187fa5ab"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2, FRA53-C1
accept-ranges: bytes
content-length: 11312
x-amz-cf-id: aNw6YmalMCpICdaHGwhjPV5hNUYAFDYIkuN_8SGwplPHpT8gBSDgeA==
expires: Wed, 29 Mar 2023 16:45:35 GMT

GET
H2 200 Base64_encoded_blob-e1648583546965.jpg
media.threatpost.com/wp-content/uploads/sites/103/2022/03/29155214/ 94 KB
95 KB 10ms
7ms Image
image/jpeg 2600:9000:214f:6800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/29155214/Base64_encoded_blob-e1648583546965.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6b1bb389b13a881a2cefef04679293b420d442949428cb6fe32a876324fdf5d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 20:33:18 GMT
via: 1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront), 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
last-modified: Tue, 29 Mar 2022 19:52:27 GMT
server: AmazonS3
age: 497138
etag: "616bb59ec067dc03f083d9d03c776231"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2, FRA53-C1
accept-ranges: bytes
content-length: 96671
x-amz-cf-id: _ZePMe_9W89gO2bMit8evpANfPQMONM5fUAacH2IwlIiP2Ty38P7GQ==
expires: Wed, 29 Mar 2023 19:52:26 GMT

GET
H2 200 14_kaspersky_secure_futures_magazine_composable_infrastructure-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2022/03/01154703/ 2 KB
3 KB 12ms
12ms Image
image/jpeg 2600:9000:214f:6800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2022/03/01154703/14_kaspersky_secure_futures_magazine_composable_infrastructure-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7e75ade51afcae47ec8dedc46bd50962ebb58b46638a69951f1f494c5052fe14

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 15:57:05 GMT
via: 1.1 57d93b321db68494cc6755a0d3fb29cc.cloudfront.net (CloudFront), 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
last-modified: Tue, 01 Mar 2022 20:47:09 GMT
server: AmazonS3
age: 2328111
etag: "502f5a6c66ba05c0831f656eb6cc29dd"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2, FRA53-C1
accept-ranges: bytes
content-length: 2476
x-amz-cf-id: 4O-fQpdrgA4BKcxWS9E2dg7VRfgJPf-JELzovE10KirPGAtslu4XjA==
expires: Wed, 01 Mar 2023 20:47:08 GMT

GET
H2 200 checklist2-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/10/19100940/ 2 KB
2 KB 13ms
12ms Image
image/jpeg 2600:9000:214f:6800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/10/19100940/checklist2-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7fd9983a3429d6ead1f66bf933770f9b790818b189e39ff0f2a0d3f590bbf67b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 25 Feb 2022 18:49:28 GMT
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront), 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
last-modified: Tue, 19 Oct 2021 14:09:44 GMT
server: AmazonS3
age: 3268168
etag: "14bf40c9dffffaec5cd1337f170dac93"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA53-C1
accept-ranges: bytes
content-length: 2112
x-amz-cf-id: XlYkBTP-u0M3PpLMZ4-Kj11oibtGYDemS-RlRApBraKdKc1WCoaKXA==
expires: Wed, 19 Oct 2022 14:09:43 GMT

GET
H2 200 5-Steps-For-Securing-Your-Remote-Work-Space-e1645021300212-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/09/09141032/ 2 KB
2 KB 13ms
12ms Image
image/jpeg 2600:9000:214f:6800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/09/09141032/5-Steps-For-Securing-Your-Remote-Work-Space-e1645021300212-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1f3d8b57f69b73694c38ba6bbf8ddc46c8a5e52db401795fa8ab80643e14236d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 24 Feb 2022 21:12:50 GMT
via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront), 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
last-modified: Wed, 16 Feb 2022 14:21:42 GMT
server: AmazonS3
age: 3345966
etag: "8d2fd78b5abc332b1098cc4de81608b9"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2, FRA53-C1
accept-ranges: bytes
content-length: 1940
x-amz-cf-id: 44W0n7oXfjA_1gzmkBVX7tgafZyp-VR1EL5DqeeYeriBuZxALj3nFQ==
expires: Thu, 16 Feb 2023 14:21:40 GMT

GET
H2 200 nuclear-bomb-explosion-1478796377Hhl-64x64.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2021/09/29112739/ 2 KB
3 KB 12ms
11ms Image
image/jpeg 2600:9000:214f:6800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/09/29112739/nuclear-bomb-explosion-1478796377Hhl-64x64.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6c8e343da3b15a6a26e0367b83d1c97813863ea6e6a905bd9e69870bb0a0ebd0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 21:08:04 GMT
via: 1.1 9c7c26f5beeb09381cea450ea3581b36.cloudfront.net (CloudFront), 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
last-modified: Wed, 29 Sep 2021 15:27:43 GMT
server: AmazonS3
age: 4642252
etag: "6d0d1a22dbbe088376115135bb5be675"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA53-C1
accept-ranges: bytes
content-length: 2337
x-amz-cf-id: bAGIxbMxQLArhMzS3gyjeAIBX0dCidIiARV8E73aC83c4TShYgzGrA==
expires: Thu, 29 Sep 2022 15:27:42 GMT

GET
H2 200 mail-plane-light.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 828 B
1 KB 277ms
276ms Image
image/svg+xml 2600:9000:2057:1c00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
via: 1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:25 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab72d-33c"
x-cache: Miss from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
content-length: 828
x-amz-cf-id: mvE7l6gz8esCAHAzlcpv0vFmvAOz8y-QPNvfwD1OuuepjSTqenemQw==

GET
H2 200 twitter-blue.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 868 B
1 KB 276ms
276ms Image
image/svg+xml 2600:9000:2057:1c00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/twitter-blue.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
via: 1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:25 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab72d-364"
x-cache: Miss from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
content-length: 868
x-amz-cf-id: G9S1N0roxpcdUtK0NjhTlGTWOJQMvDvsSXjx8a90VpKYGsf6DoMfXQ==

GET
H2 200 museosans-700italic-webfont.woff2
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 365ms
364ms Font
font/woff2 2600:9000:2057:1c00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
via: 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:28 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab730-3dcc"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 15820
x-amz-cf-id: 97byXwNuhqBW2CWsXNTpnCNXNLkm1qMJ5CGAD43lHmc4bC-r47IESQ==

GET
H2 200 player.css
cds.connatix.com/p/157383/ 56 KB
9 KB 12ms
12ms Stylesheet
text/css 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/157383/player.css
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: bdfd60b477fc3a53026309cc91965dae061323c4a99562dabdd08831147528b2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: br
last-modified: Mon, 04 Apr 2022 13:23:10 GMT
age: 3021
etag: "379e0d01d797a7cf7455b95630ef6907"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 8612

GET
H2 200 mail-plane-large-dark.svg
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 812 B
1 KB 281ms
281ms Image
image/svg+xml 2600:9000:2057:1c00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
via: 1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:28 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab730-32c"
x-cache: Miss from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
content-length: 812
x-amz-cf-id: tSKfa9rY0fHr4QmpJLaUPJAR6Vyn6xSdfO3GXv0VTt5PZaYFjND6fA==

GET
H2 200 logo-white.png
assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 10 KB
10 KB 283ms
283ms Image
image/png 2600:9000:2057:1c00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: public
date: Mon, 04 Apr 2022 14:38:55 GMT
via: 1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:25 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab72d-260a"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 9738
x-amz-cf-id: exmjH8JeIR9fveRZYgQt1xRJ4LvW09uiz7RWC2CRWXEqc9Zf-DPizw==
expires: Mon, 11 Apr 2022 14:38:55 GMT

GET
H2 200 Log4J_shell_thrpst-e1643986376319-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2021/12/30110920/ 2 KB
3 KB 9ms
9ms Image
image/jpeg 2600:9000:214f:6800:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2021/12/30110920/Log4J_shell_thrpst-e1643986376319-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:6800:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 41f047950d4db7e04d250ebe65613aaaf482546a855d9321d1536ecb8ab6cccf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 04 Feb 2022 18:59:05 GMT
via: 1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront), 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
last-modified: Fri, 04 Feb 2022 14:52:59 GMT
server: AmazonS3
age: 5081991
etag: "8b8e89e4e306930920312db10e2c0dbf"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1, FRA53-C1
accept-ranges: bytes
content-length: 2455
x-amz-cf-id: CH8xuPjRZxgTadT2A7cDejKfRwZ4VcZf7uFXSS6Mmyb9uq-pLdArnA==
expires: Sat, 04 Feb 2023 14:52:57 GMT

GET
H3 200 vendor-list.json Show response
qd.admetricspro.com/js/cmp2/ 256 KB
38 KB 628ms
598ms XHR
application/json 2606:4700:3030::ac43:cf70
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/cmp2/vendor-list.json
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:cf70 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1aeb3ee07f4b462935c5d8047ff038c8e279d75f9be1dcd0b848ba68223a3ee2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 31 May 2021 16:54:38 GMT
server: cloudflare
etag: W/"3ffae-5c3a314b5dcb2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W1RJATJyxhLuAVVxgwlqKa0KfExSAkWjsMvCUeM78bOOu5E7UF3V7mTjZeSlRXYWyaxWCzMQfBRVe98e4nsMzSGljmisRlKDql4lqvJX3ppf5XnsyLJ3QZ4HRyO05hNyhgyLAJjEbrlfk%2F8zkFt0FRBt"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=600
cf-ray: 6f6aca5b2caf59c5-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 04 Apr 2022 14:48:55 GMT

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ 73 KB
28 KB 17ms
17ms Script
application/javascript 108.157.4.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-6.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 05 Feb 2022 22:56:33 GMT
content-encoding: gzip
age: 4981342
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 f97c9082b750957571bc7e3354a4f4a4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: ZjI_MukCtiHexySdD-YV8FYnrOa7xdB76qi1pwYPafDl3V3z3AqXgg==

GET
H2 200 bl-39123b0-71ac0870.js Show response
tagan.adlightning.com/math-aids-threatpost/ 46 KB
19 KB 19ms
19ms Script
application/javascript 108.157.4.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-71ac0870.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-6.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e2835af998d5ef885bfa14a1b1995c7724d5b6a76f545b4a491763bff6f0dac5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 00:38:22 GMT
content-encoding: gzip
age: 223234
x-cache: Hit from cloudfront
content-length: 19393
x-amz-meta-git_commit: 39123b0
last-modified: Sat, 02 Apr 2022 00:31:19 GMT
server: AmazonS3
etag: "27a611307893faed4f77b20bc9c527af"
x-amz-version-id: ciXDgJvjDfKJZB9C8XzODN3O2B85Zno7
via: 1.1 f97c9082b750957571bc7e3354a4f4a4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 2j0Td8gqDkBmD5alZdcjbi5dZgH3lgj5c2hMx0C1hQii1apongBl2w==

GET
H2 200 pubads_impl_2022033101.js Show response
securepubads.g.doubleclick.net/gpt/ 366 KB
125 KB 34ms
8ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js?cb=31066131

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

a58d46d853c21c8e11eb057aba26dbeeb32041b51a61d4e2c3adc86c09c08704

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:20:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4727
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127477
x-xss-protection: 0
last-modified: Thu, 31 Mar 2022 08:37:09 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 04 Apr 2023 13:20:08 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 141 B
737 B 44ms
20ms XHR
application/json 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=threatpost.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

d4c4215f41a4bb6f12e0d100854eecc6bc5c57ef23af0e945b8359d7727ae94e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 101
x-xss-protection: 0
expires: Mon, 04 Apr 2022 14:38:55 GMT

POST
H2 200 pls Show response
capi.connatix.com/core/ Frame DA43 14 KB
6 KB 147ms
146ms XHR
application/x-protobuf 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/pls?v=157383
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8ed6970579208c26987ce61a881ac26f859bf1363413f8ce36801ec83309a34a

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-max-age: 86400
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 6540

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ 359 KB
142 KB 35ms
6ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5eea1c9406e22225635f46d7ddde71a450b2337a7cd0b25ff834aef95734258

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 07:21:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26265
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 144576
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 07:21:10 GMT

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 662 B
1019 B 7ms
7ms XHR
application/json 65.9.62.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fthreatpost.com&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.62.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-62-173.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 09:05:14 GMT
via: 1.1 cae542650fb32c773cc494fc6e7e71e6.cloudfront.net (CloudFront)
server: Server
age: 20020
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://threatpost.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-C1
content-length: 662
x-amz-cf-id: Pf-p8iJbDdq8ZBJ8qd5RQU7aq8uFaxpi_N4V0LbZBCVQZ8e6__YSDg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 21ms
7ms XHR
application/javascript 65.9.62.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.62.173 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-62-173.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 02:53:29 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 42327
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Thu, 17 Mar 2022 02:21:48 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: khsXo6Z3HSo5bHNWbmb1eMp88IHhxPc.
via: 1.1 106758604a7f1ae0fa6678cd3d828d62.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-C1
content-type: application/javascript
x-amz-cf-id: RN3GrsD2eUZ9hOmwFW_16qYSK6qxTagWDxfrnpuXXEgHX5ulIpRpLA==

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ 362 KB
143 KB 26ms
13ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dff2681d8f5f16b61b464b599d7c62f61efe496b54a77044145495bc8cad36d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:43:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3332
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146406
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 13:43:23 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 368 B
1 KB 123ms
31ms XHR
application/json 52.16.57.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=983502BE532960BE0A490D4C%40AdobeOrg&d_nsid=0&ts=1649083136445

Requested by

Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.16.57.45 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-16-57-45.eu-west-1.compute.amazonaws.com

Software

Resource Hash

37de906a61c6adaa1c8a5ffbc5c92eb0f93d07365600bc8adb72530ac38fb93b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v030-0d99b628d.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: RWAeiAFyTYo=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 313
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ 53 KB
17 KB 66ms
16ms Script
application/javascript 23.206.210.112
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.206.210.112 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-206-210-112.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: gzip
last-modified: Tue, 01 Jun 2021 17:06:57 GMT
server: Apache
etag: "d398-5c3b75e9ebb41-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17087
expires: Mon, 04 Apr 2022 14:53:55 GMT

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 40 KB
11 KB 37ms
17ms Script
text/javascript 46.105.202.126
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

46.105.202.126 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cacheable: Matched cache
x-cdn-pop-ip: 137.74.120.0/27
date: Mon, 04 Apr 2022 14:20:20 GMT
content-type: text/javascript;charset=utf-8
cache-control: max-age=3600
x-cdn-pop: sbg
content-disposition: attachment;filename="id5-api.js"
accept-ranges: bytes
content-length: 11181
x-request-id: 162037904

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 3845
date: Mon, 04 Apr 2022 13:34:50 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 04 Apr 2022 15:34:50 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 26ms
9ms Script
application/javascript 2620:116:800d:21:ee05:6a01:4b41:8c89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:ee05:6a01:4b41:8c89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: gzip
etag: "u2JtyZzqnTXwzBUswy2r+w=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Mon, 11 Apr 2022 14:38:55 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 26ms
8ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: gzip
last-modified: Tue, 29 Mar 2022 00:09:12 GMT
fastly-original-body-size: 14407
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kcgs7200069-IAD, cache-hhn11568-HHN

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 428 KB
109 KB 31ms
17ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3320325f92bba32a6afd320f235eadaf65b7a4d96f67141f720aa9846a73320a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111361
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 04 Apr 2022 14:38:55 GMT

GET
H2 200 blockedDomains_12.bin Show response
lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/ Frame DA43 2 KB
1 KB 34ms
6ms XHR
application/octet-stream 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://lit.connatix.com/08d79ac9-d151-59b7-8ffc-1666f862d246/blockedDomains_12.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 085f299301d3258baf25d3cdaf1ff539b13a00169b765b1c8abaabc5fe353d2b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: gzip
last-modified: Wed, 30 Mar 2022 17:18:30 GMT
age: 422337
etag: "047f4b895f454fb7748c6b90383a386e"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 1296

GET
H2 200 insights.bin Show response
ins.connatix.com/4eefa1a0fabb9a6e17c3e70f39eb58fe/ Frame DA43 324 B
553 B 23ms
8ms XHR
application/octet-stream 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ins.connatix.com/4eefa1a0fabb9a6e17c3e70f39eb58fe/insights.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 69445fd8e1a8e96fc098b81f84d19b23cb88621fbc780e7dc24d0f6b3ae5bd80

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: gzip
last-modified: Fri, 01 Apr 2022 10:22:11 GMT
fastly-original-body-size: 324
age: 273823
etag: "69cb80b2eb19eb311bb83b48d1c6404e"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 210

GET
H/1.1 200
OK dest5.html Show response
kaspersky.demdex.net/ Frame 7A32 7 KB
3 KB 132ms
30ms Document
text/html 52.19.107.252
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kaspersky.demdex.net/dest5.html?d_nsid=0

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.19.107.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-107-252.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-2-v030-00570eae8.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: h4Vxf4mARU8=
content-encoding: gzip
date: Mon, 4 Apr 2022 14:38:55 GMT
last-modified: Tue, 15 Mar 2022 12:40:47 GMT
vary: accept-encoding

GET
H2 200 id Show response
kaspersky.d3.sc.omtrdc.net/ 2 B
316 B 56ms
15ms XHR
application/x-javascript 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kaspersky.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&mid=26686259351274717732467004971664565391&ts=1649083136814

Requested by

Host: media.kaspersky.com
URL: https://media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=5.9.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-7b6f4bb9f7-gglv4
vary: Origin
x-c: main-1637.I660130.M0-562
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 2
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=YksC-wAAAHsVCAQA
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=31216196506237851593199361533659695829
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YksC-wAAAHsVCAQA

42 B
943 B

31ms
31ms

Image
image/gif

52.16.57.45
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=YksC-wAAAHsVCAQA

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

HTTP/1.1

Server

52.16.57.45 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-16-57-45.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v030-0d657fcce.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: hbYxydyfQt0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YksC-wAAAHsVCAQA
Date: Mon, 04 Apr 2022 14:38:55 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H/1.1 200
OK sr Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame DA43 0
315 B 437ms
107ms XHR
application/x-protobuf 18.118.192.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/sr?v=157383
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.118.192.126 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-118-192-126.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 83 KB
28 KB 38ms
22ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

abfb1f15c2cb3df79d00d5c685c6840b8f5c91ecebb41650eacb4611aeff6071

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28206
x-xss-protection: 0
server: sffe
etag: "1177 / 815 of 1000 / last-modified: 1649070350"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 04 Apr 2022 14:38:55 GMT

GET
H2 200 2_media.bin Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/ Frame DA43 285 B
357 B 9ms
8ms XHR
application/octet-stream 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/2_media.bin
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3b9d39edb2591de65a095117689dd79effa44a7cf3e0a594d01c978b2f05d00e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 19:13:10 GMT
fastly-original-body-size: 285
age: 85043
etag: "259c03714a4dc20e6a891f05ce653dc0"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 249

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame DA43 374 KB
125 KB 46ms
24ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

22e56b7e66a75203914f5f0cb9cf1c4e95c065f101ace2189cc31de2da60f61e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127633
x-xss-protection: 0
expires: Mon, 04 Apr 2022 14:38:55 GMT

GET
H2 200 1.png
img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/c2ecd04f-0dca-4ffa-8761-d93b34717380/ 6 KB
7 KB 8ms
7ms Image
image/png 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/c2ecd04f-0dca-4ffa-8761-d93b34717380/1.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: br
age: 1152993
etag: "CDlq0wWU2N6Hha9Y1OkqKS7K/JyWAUvXYL5GlZ2se8g"
access-control-max-age: 86400
fastly-io-info: ifsz=8114 idim=288x42 ifmt=png ofsz=6487 odim=288x42 ofmt=png
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/png
content-length: 6487

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 28ms
14ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=1526084353&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&ul=en-us&de=UTF-8&dt=Log4JShell%20Used%20to%20Swarm%20VMware%20Servers%20with%20Miners%2C%20Backdoors%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1677617131&gjid=1153360635&cid=414288784.1649083137&tid=UA-35676203-21&_gid=1122971549.1649083137&_r=1&gtm=2wg3u0PM29HLF&z=1005138886

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 15ms
6ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=1526084353&t=event&ni=0&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&ul=en-us&de=UTF-8&dt=Log4JShell%20Used%20to%20Swarm%20VMware%20Servers%20with%20Miners%2C%20Backdoors%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VISIBILITY&ea=elementVisibility%20%2F%20%5BHeader%5D%20%2F%20Social%20Networks%20View&_u=YEDAAEABAAAAAC~&jid=&gjid=&cid=414288784.1649083137&tid=UA-35676203-21&_gid=1122971549.1649083137&gtm=2wg3u0PM29HLF&z=620061952

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 03 Apr 2022 18:46:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 71542
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rules-p-_7kVx0t9Jqj90.js Show response
rules.quantcount.com/ 2 B
355 B 61ms
28ms Script
application/javascript 2600:9000:2315:a400:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:a400:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:36:51 GMT
via: 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
server: AmazonS3
age: 124
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
x-amz-cf-pop: DUS51-P2
content-length: 2
x-amz-cf-id: 6v6GuR7sqXak_fTLJdIoF6fzvaRfmGNJW7J6oYmzxDM4RJVMYGHJTg==

GET
H2 200 flipboard.svg
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/ 236 B
562 B 277ms
276ms Image
image/svg+xml 2600:9000:2057:1c00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/flipboard.svg
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
via: 1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:25 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab72d-ec"
x-cache: Miss from cloudfront
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
content-length: 236
x-amz-cf-id: 6qp5mfyO1pWPlzaS7pAp_9-jnfMeBa7zXdx2Uk_RZn0DWcw_38ZVSQ==

GET
H2 200 fontawesome-webfont.woff2
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/ 75 KB
76 KB 366ms
366ms Font
font/woff2 2600:9000:2057:1c00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: assets.threatpost.com
URL: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:1c00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/themes/threatpost-2018/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1d62b9db
Origin: https://threatpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
via: 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront)
last-modified: Mon, 04 Apr 2022 09:15:25 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
etag: "624ab72d-12d68"
x-cache: Miss from cloudfront
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 77160
x-amz-cf-id: C5yeftT3fie-uD5_rkYPRsUedOrT8jIlFWL660DWYztR9npTX-Rqlw==

GET
H/1.1 200
OK v1 Show response
geo.ipify.org/api/ 381 B
589 B 590ms
261ms XHR
application/json 64.140.160.2
WEBNX

General

Check archive.org

Show headers Download Go to

Full URL

https://geo.ipify.org/api/v1?apiKey=at_riPAQYz3EiQ6JhsH05bmtozma13RA

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

64.140.160.2 Ogden, United States, ASN18450 (WEBNX, US),

Reverse DNS

threatintelligenceplatform.com

Software

nginx /

Resource Hash

73fb5c187e71eaafae15c31f112eb99b27df61d841675fc8ca511397d202629e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:38:56 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server: nginx
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2 403 adsct
analytics.twitter.com/i/ 0
0 139ms
122ms Script
text/plain 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=c4180631-1416-4ef7-ba24-0ab8a465c747&tw_document_href=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-response-time: 113
date: Mon, 04 Apr 2022 14:38:56 UTC
cache-control: no-cache, no-store, max-age=0
server: tsa_o
x-connection-hash: 69049becf5b70c2e3062d6766028c7302c5054e36a873d024879beef0e20f494
content-length: 0
strict-transport-security: max-age=631138519

GET
H2 200 adsct
t.co/i/ 43 B
338 B 132ms
115ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=c4180631-1416-4ef7-ba24-0ab8a465c747&tw_document_href=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-response-time: 107
date: Mon, 04 Apr 2022 14:38:56 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 9791102c4c02efa837820b8172d321b14b5fcf53d649c8bb9335050e5db9838a
content-length: 43

GET
H2 200 hls.5b3b785f487abbe00eee.js Show response
cds.connatix.com/p/157383/ Frame DA43 162 KB
47 KB 10ms
9ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/157383/hls.5b3b785f487abbe00eee.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e2c4332b6cd0fea250e89907921adaf7e597b52808cf19c995d6173ae0263f21

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
content-encoding: br
last-modified: Mon, 04 Apr 2022 13:23:10 GMT
age: 3022
etag: "182f65d040bfb9544bd8f71472475672"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 48258

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
441 B 63ms
19ms XHR
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-35676203-21&cid=414288784.1649083137&jid=1677617131&gjid=1153360635&_gid=1122971549.1649083137&_u=YEBAAEAAAAAAAC~&z=1314597330

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 04 Apr 2022 14:38:56 GMT
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bridge3.509.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame ED81 632 KB
205 KB 24ms
9ms Document
text/html 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.509.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d78fa11d49d6f5896519ee387440209a4ad363f68a816146c03b732b3fd45809

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 215998
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 209648
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Sat, 02 Apr 2022 02:38:58 GMT
expires: Sun, 02 Apr 2023 02:38:58 GMT
last-modified: Sat, 02 Apr 2022 02:33:22 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame DA43 44 KB
17 KB 39ms
16ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 04 Apr 2022 14:38:56 GMT

GET
H3 200 bridge3.509.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame E88B 632 KB
205 KB 7ms
7ms Document
text/html 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.509.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d78fa11d49d6f5896519ee387440209a4ad363f68a816146c03b732b3fd45809

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 215998
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 209648
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Sat, 02 Apr 2022 02:38:58 GMT
expires: Sun, 02 Apr 2023 02:38:58 GMT
last-modified: Sat, 02 Apr 2022 02:33:22 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.509.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame FF82 632 KB
205 KB 11ms
11ms Document
text/html 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.509.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d78fa11d49d6f5896519ee387440209a4ad363f68a816146c03b732b3fd45809

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 215998
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 209648
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Sat, 02 Apr 2022 02:38:58 GMT
expires: Sun, 02 Apr 2023 02:38:58 GMT
last-modified: Sat, 02 Apr 2022 02:33:22 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H/1.1 200 724.json Show response
id5-sync.com/g/v2/ 212 B
531 B 54ms
32ms XHR
application/json 141.95.99.207
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/724.json

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.99.207 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3213275.ip-141-95-99.eu

Software

Resource Hash

890aecaa78acf1904801547188563d78ab826d99308c85e5917cac87f8d5426e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Mon, 04 Apr 2022 14:38:55 GMT
access-control-allow-credentials: true
vary: Origin
transfer-encoding: chunked
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json;charset=UTF-8

GET
H2 200 pixel;r=1776723501;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F;uht=2;fpan=1;fpa=P0-1596131302-1649083137136;pbc...
pixel.quantserve.com/ 35 B
372 B 35ms
10ms Image
image/gif 2620:116:800d:21:ee05:6a01:4b41:8c89
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1776723501;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F;uht=2;fpan=1;fpa=P0-1596131302-1649083137136;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;us_privacy=1---;ref=;d=threatpost.com;je=0;sr=1600x1200x24;dst=0;et=1649083137136;tzo=0;ogl=image.https%3A%2F%2Fmedia%252Ethreatpost%252Ecom%2Fwp-content%2Fuploads%2Fsites%2F103%2F2022%2F03%2F29162217%2Fmosqu%2Ctype.article%2Ctitle.Log4JShell%20Used%20to%20Swarm%20VMware%20Servers%20with%20Miners%252C%20Backdoors%2Cdescription.Researchers%20have%20found%20three%20backdoors%20and%20four%20miners%20in%20attacks%20exploiting%20the%2Curl.https%3A%2F%2Fthreatpost%252Ecom%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:ee05:6a01:4b41:8c89 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:56 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 31ms
31ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=414288784.1649083137&jid=1677617131&_u=YEBAAEAAAAAAAC~&z=1237798022

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 55ms
33ms Image
image/gif 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35676203-21&cid=414288784.1649083137&jid=1677617131&_u=YEBAAEAAAAAAAC~&z=1237798022

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame C9A0 37 KB
13 KB 29ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:52:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2804
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 04 Apr 2022 14:52:12 GMT

GET
H2 200 localstore.js Show response
script.4dex.io/ 483 B
944 B 85ms
36ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1142577
x-amz-request-id: txcb277395650a4fbcbe1a5-00623993cb
x-amz-id-2: txcb277395650a4fbcbe1a5-00623993cb
last-modified: Tue, 22 Mar 2022 09:15:21 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C8icgDLNBxH3lpQMU4gRsFL%2BTASTWDvm5wTmZQIA95BnFgdfT49OPz5Ric%2FzToOVtLUq%2F2eFnOg3QGFrUiTDbZzwOjbGVB7jcsRyr%2BEzIcVXWrB8xCLgYZA9tQbnyG%2FCNJV5iCM6p3qNnrxZ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1647940521027959
cf-ray: 6f6aca61fb3759a1-MXP

POST
H/1.1 200 724.json Show response
id5-sync.com/g/v2/ 212 B
531 B 112ms
83ms XHR
application/json 141.95.99.207
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/724.json

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.99.207 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3213275.ip-141-95-99.eu

Software

Resource Hash

0245fcaaea90df2254a2b2f54f45f68f97ec0ec811148008f2ecbcec49286472

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Mon, 04 Apr 2022 14:38:55 GMT
access-control-allow-credentials: true
vary: Origin
transfer-encoding: chunked
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json;charset=UTF-8

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 64 B
530 B 46ms
45ms XHR
text/javascript 65.9.62.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&pid=lX6gIjqkHFzii&cb=0&ws=1600x1200&v=7.74.0&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-6794670-2%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-3%22%2C%22s%22%3A%5B%22300x250%22%2C%22336x280%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-5%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-6794670-1%22%2C%22s%22%3A%5B%222x2%22%5D%2C%22sn%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-2x2-Skin%22%7D%5D&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.62.173 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-62-173.fra56.r.cloudfront.net

Software

Server /

Resource Hash

d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
via: 1.1 cae542650fb32c773cc494fc6e7e71e6.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-C1
x-amz-rid: 91QK67MA7X0SWATAW8B6
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 64
x-amz-cf-id: ACDsVf8hewDu05ezyzoyHaDONZwDbhBY1GAV6jmBTi20J0R1ZPae6g==

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 541A 37 KB
13 KB 23ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:52:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2804
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 04 Apr 2022 14:52:12 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 7F50 37 KB
13 KB 14ms
9ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 13:52:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2804
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 04 Apr 2022 14:52:12 GMT

POST
H/1.1 200
OK ao Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame DA43 0
315 B 108ms
108ms XHR
application/x-protobuf 18.118.192.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/ao?v=157383
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.118.192.126 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-118-192-126.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 04 Apr 2022 14:38:55 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

POST
H/1.1 200
OK g Show response
capi-tier-2-us-east-2.connatix.com/rtb/ Frame DA43 2 KB
1 KB 1450ms
1129ms XHR
application/x-protobuf 18.118.192.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/rtb/g?v=157383
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.118.192.126 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-118-192-126.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: db626e69411c9185f599b3e50fcf3964089c039d05371d6dead8500c8afc2f25

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 1024

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 64 B
532 B 47ms
46ms XHR
text/javascript 65.9.62.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.62.173 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-62-173.fra56.r.cloudfront.net

Software

Server /

Resource Hash

8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
via: 1.1 cae542650fb32c773cc494fc6e7e71e6.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-C1
x-amz-rid: EVRA7S38J70W4CVNWTS3
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 64
x-amz-cf-id: Xd_7WKMAkMTmFaZqtt6BRyGwIDBiiL2lce3LAL-tLk6I-4T7qilNDA==

POST
H/1.1 200
OK ps Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame DA43 0
315 B 198ms
107ms XHR
application/x-protobuf 18.118.192.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/ps?v=157383
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.118.192.126 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-118-192-126.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 1_th.jpg
img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/ 7 KB
7 KB 9ms
9ms Image
image/jpeg 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/1_th.jpg?crop=400:225,smart&width=400&height=225&format=jpeg&quality=60&fit=crop
Requested by: Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e998d70d54146b70fbd8882efdd0682978dbc337f03a6e22367cb97aadf9e573

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
content-encoding: br
age: 250143
etag: "JNaAhBiLMSOnkkei/N3fo5fCL/mt/wlc+iBOJzzjuy8"
access-control-max-age: 86400
fastly-io-info: ifsz=79819 idim=2560x1440 ifmt=jpeg ofsz=7628 odim=400x225 ofmt=jpeg
access-control-allow-origin: *
cache-control: max-age=2592000, public
fastly-stats: io=1
accept-ranges: bytes
content-type: image/jpeg
content-length: 7179

POST
H2 200 v2 Show response
e.serverbid.com/api/ 711 B
984 B 313ms
108ms XHR
application/json 167.172.1.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://e.serverbid.com/api/v2
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.172.1.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: f4b064d961dd5c30917481f9cf22f400d352737e7dac10d70e574877eef1e8ea

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Mon, 04 Apr 2022 14:38:56 GMT
access-control-allow-credentials: true
content-length: 711
vary: Origin
content-type: application/json

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 36 B
328 B 303ms
273ms XHR
application/json 184.31.84.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=438654&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2253ad1cfd30b029%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F%22%2C%22ref%22%3A%22https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F%22%2C%22domain%22%3A%22threatpost.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22threatpost.com%22%7D%2C%22keywords%22%3A%22Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A4%2C%22msi%22%3A4%2C%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A3%2C%22ren%22%3Afalse%2C%22version%22%3A%225.17.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2262d8a91ac7ab6c%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-970x250-ATF%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%227c0186bae867ce%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A336%2C%22h%22%3A280%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x250-ATF%22%2C%22sid%22%3A%22336x280%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%228d42a9a73702d1%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22dfp_ad_unit_code%22%3A%22%2F22404337467%2C21707124336%2Fthreatpost-300x600-ATF%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%7D%5D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22sid%22%3A%221005%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-84-150.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9234d2c890762769f323b282340f0e5330107731a3e914788f841b71ba9401e6

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:56 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[217.64.151.9], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://threatpost.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 36
x-ak-client-geo: 12
expires: Mon, 04 Apr 2022 14:38:56 GMT

POST
H2 200 adreq Show response
ads.servenobid.com/ 548 B
607 B 99ms
30ms XHR
application/json 99.80.41.206
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=642
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 20c0569955e76587d3ea93366b1a031879abe919165e51170a378497fd2d8473

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://threatpost.com
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
59 B 539ms
73ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Mon, 04 Apr 2022 14:38:56 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 20 KB
11 KB 155ms
140ms XHR
application/json 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

6cf82c00ca4ccf23966e75cefbe4272931a5c6f510b5b34624f8344bbcb8c314

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 04 Apr 2022 14:38:56 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.64.151.9; 217.64.151.9; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 1cfb328b-e877-4f79-812f-b483f2e53ca3
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
291 B 136ms
92ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_728x90-atf&cmd=bid&secure=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 7ef42b5e13f85ed1b99488c6c327b8ec64dbc16717bef6afcbc4700fae9fc5f9

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 145ms
101ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_300x250-atf&cmd=bid&secure=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: 81eaa5d9b1f83abaa624c33145a0a8c68ea6d9641ab0a5fadcbf8a6f7896a625

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 62

GET
H2 200 bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
92 B 166ms
122ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9695ad017373d9b19cda6b03bc00b5&pos=threatpost.com_desktop_300x600-atf&cmd=bid&secure=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: cb2388cee00751f237d133d0d447e489f450c556a6f771bd736321d074d5c36a

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 62

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 611 B
1 KB 139ms
86ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=2&alt_size_ids=55%2C57&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-970x250-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-970x250-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=56a1d06e-38f0-4e91-92fc-3810727c7b24&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.40059686659708316
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 0ab6b9e585cc580fc78f02c7b386bb1746e76696bc899bee0c53ce0b829f13be

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:38:56 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 611
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 609 B
1 KB 191ms
138ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=16&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x250-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x250-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=f0996271-8823-4a0a-b4bb-63be73f2dbea&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6483130220026359
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 92196319bc96170f6cff0b1624b742ca1a6d898825c0b4c907e7b30186b1f9e4

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:38:56 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 609
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 609 B
1 KB 160ms
106ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509506&size_id=15&alt_size_ids=10&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=c8fe3586-6533-4105-bfdb-4324075b0908&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.0846549080775072
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 8278f3722ee191b87c680476060d23d0f76882f68ebe9a1e717740134016ff6a

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:38:56 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 609
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 609 B
1 KB 152ms
78ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=10&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&kw=Hacks%2CMalware%2CVulnerabilities%2CWebSecurity%2CMobileSecurity%2CPrivacy&tg_i.ref=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&tg_i.page=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&tg_i.domain=threatpost.com&tg_i.dfp_ad_unit_code=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tg_i.pbadslot=22404337467%2C21707124336%2Fthreatpost-300x600-ATF&tk_flint=pbjs_lite_v5.17.0&x_source.tid=c8fe3586-6533-4105-bfdb-4324075b0908&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.3805424949228333
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: cde2242cb02d31cae365dd484a1691692fa82047940f2347f595cae51bee0308

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:38:56 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 609
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 3 KB
2 KB 223ms
197ms XHR
application/json 18.193.246.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=5.17.0&referrer=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&tmax=1200&gdpr=false

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.193.246.175 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-193-246-175.eu-central-1.compute.amazonaws.com

Software

Resource Hash

dd5d3756923caa7a376d9113eac043aaf569150470c0128bf1a15d52a8a4ebdd

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:56 GMT
content-encoding: gzip
accept-ch: sec-ch-viewport-height,sec-ch-width,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-prefers-color-scheme,sec-ch-ua-bitness,sec-ch-ect,sec-ch-downlink,sec-ch-rtt,sec-ch-ua-arch,sec-ch-viewport-width,sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-model
content-type: application/json; charset=utf-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 1292
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 94 B
742 B 154ms
92ms XHR
application/json 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.17.0
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: f69bec4f58ecd80805b045c8cf496437d1ab6bd6355fa3eeb5df43f08e7b9407

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 04 Apr 2022 14:38:56 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 99

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
112 B 361ms
328ms XHR
text/plain 18.193.253.159
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.193.253.159 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-253-159.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Mon, 04 Apr 2022 14:38:56 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
113 B 43ms
11ms XHR
text/plain 18.193.253.159
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.193.253.159 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-253-159.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Mon, 04 Apr 2022 14:38:56 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
112 B 50ms
17ms XHR
text/plain 18.193.253.159
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.193.253.159 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-193-253-159.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Mon, 04 Apr 2022 14:38:56 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 mvo Show response
tag.1rx.io/rmp/216477/0/ 0
170 B 56ms
15ms XHR
text/plain 213.19.147.42
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/216477/0/mvo?z=1r&hbv=5.17,2.1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 Utrecht, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Mon, 04 Apr 2022 14:38:56 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

GET
H2 200 arj Show response
teachingaids-d.openx.net/w/1.0/ 174 B
592 B 218ms
189ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=56a1d06e-38f0-4e91-92fc-3810727c7b24%2C56a1d06e-38f0-4e91-92fc-3810727c7b24%2Cf0996271-8823-4a0a-b4bb-63be73f2dbea%2Cc8fe3586-6533-4105-bfdb-4324075b0908%2Cc8fe3586-6533-4105-bfdb-4324075b0908&nocache=1649083137473&gdpr=0&x_gdpr_f=1&pubcid=bde57177-fe26-48ea-875c-bc19c9ee6851&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&aus=728x90%2C970x250%2C970x90%7C728x90%2C970x250%2C970x90%7C300x250%2C336x280%7C300x250%2C300x600%7C300x250%2C300x600&divids=div-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-3%2Cdiv-gpt-ad-6794670-5%2Cdiv-gpt-ad-6794670-5&aucs=%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-970x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x250-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF%2C%252F22404337467%252C21707124336%252Fthreatpost-300x600-ATF&auid=540932704%2C540932709%2C540932713%2C540932715%2C540932720
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: d87c3218ce6bd91cbb46b702bc1adf432c07dd519a00f54d9d9dfdcf4588ace5

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:56 GMT
content-encoding: gzip
server: OXGW/18.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 165
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 prebid Show response
mp.4dex.io/ 114 B
589 B 80ms
41ms XHR
application/json 2606:4700::6812:272
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:272 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30194d68a2580c8ac7f9838a7e8e467518df1263859fca74c77143a99ac560a2

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

cf-ray: 6f6aca631efc0229-ZRH
pragma: no-cache
date: Mon, 04 Apr 2022 14:38:56 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://threatpost.com
expires: 0
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
x-err: Validating the Prebid Request adunits. Sampled or No valid non-debug AdUnits

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
347 B 388ms
186ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Mon, 04 Apr 2022 14:38:56 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 89
vary: origin, Accept-Encoding

GET
H2 200 prebid6.7.0-1.js Show response
cds.connatix.com/p/plugins/ Frame EA36 456 KB
119 KB 8ms
7ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 084885652dacd1b70a7979e7631caa6fe5985a5c1b872c28dd890d9ea39cec3d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
content-encoding: br
last-modified: Wed, 09 Feb 2022 14:06:45 GMT
age: 2950073
etag: "c647c6ead685f3c1b8ba4c8a5de1eb5a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 121193

GET
H2 200 playlist.m3u8 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/ Frame DA43 309 B
277 B 6ms
6ms XHR
application/x-mpegurl 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/playlist.m3u8
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/157383/hls.5b3b785f487abbe00eee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 19:13:10 GMT
fastly-original-body-size: 309
age: 95826
etag: "8a966507b13615ecdc1330a4bc9dcfe1"
vary: Accept-Encoding
content-type: application/x-mpegURL
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 164

GET
H2 200 adagio.js Show response
script.4dex.io/ 72 KB
23 KB 103ms
58ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3373dca69883fd4d5298c955d822359a23e9c3658b63e06b483e251c10024f21

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1141506
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: tx6f2ea791109f4903a1561-0062399424
x-amz-id-2: tx6f2ea791109f4903a1561-0062399424
last-modified: Tue, 22 Mar 2022 09:15:19 GMT
server: cloudflare
etag: W/"f6062b9ed3c12dab430d5d33afafadb4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XNpltnK4fDnu1MEBh898mP2UbeOoiCO2f7UNVRCK2HwSzTzH1ec%2BMc3pPUZ43hi%2Fom2Z58%2FfAGZyL2mwu13Z9b6%2B3YpqWO4X1FYDa5i9u%2BSfIao4InaSvrDHel6fod6lCZ9AFJlTZjgINObY"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1647940519211847
cf-ray: 6f6aca64dfa90f7e-MXP
access-control-allow-headers: Authorization

GET
H2 200 0.m3u8 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/ Frame DA43 662 B
364 B 11ms
11ms XHR
application/x-mpegurl 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/0.m3u8
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/157383/hls.5b3b785f487abbe00eee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3788f6d78d3779c5cb9799b5a5194c8e4f56de10b3c7cc962dd4ff56a006c076

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 19:13:09 GMT
fastly-original-body-size: 662
age: 95824
etag: "3462f99156683c73680c822827559fb9"
vary: Accept-Encoding
content-type: application/x-mpegURL
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 267

OPTIONS
H2 200 bidRequest
c2shb.pubgw.yahoo.com/ Frame 0
0 33ms
9ms Preflight 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-openrtb-version
Access-Control-Request-Method: POST
Origin: https://threatpost.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://threatpost.com
access-control-max-age: 600
age: 0
content-length: 0
date: Mon, 04 Apr 2022 14:38:56 GMT
server: ATS/9.1.0.33

GET
H3 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame EA36 106 B
127 B 93ms
83ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=8ee243c2-a360-4094-a89e-16f84a018e73&nocache=1649083137869&gdpr=0&pubcid=6dc6ccdc-9eb2-4f7b-9175-c5016f7dc86a&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22skippable%22%3Atrue%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B5%2C2%2C3%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%7D%7D%5D%7D&auid=540882778&vwd=400&vht=225&aumfs=250
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:56 GMT
via: 1.1 google
server: OXGW/18.0.0
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 106
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 bidRequest Show response
c2shb.pubgw.yahoo.com/ Frame EA36 66 B
99 B 78ms
78ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.pubgw.yahoo.com/bidRequest
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/9.1.0.33 /
Resource Hash: ca9d67fc22e8966185fe95ac01764a0e2ead5cdebf553b9edd03deb6f9f30761

Request headers

Referer: https://threatpost.com/
x-openrtb-version: 2.5
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
server: ATS/9.1.0.33
age: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST,GET,HEAD,OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
content-length: 66

POST
H2 204 mvo Show response
tag.1rx.io/rmp/233098/0/ Frame EA36 0
170 B 20ms
19ms XHR
text/plain 213.19.147.42
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/233098/0/mvo?z=1r&hbv=6.7,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 Utrecht, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Mon, 04 Apr 2022 14:38:56 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H2 204 c Show response
prebid.a-mo.net/a/ Frame EA36 0
205 B 177ms
177ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Mon, 04 Apr 2022 14:38:56 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 79
vary: origin, Accept-Encoding

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame EA36 144 B
1 KB 834ms
834ms XHR
application/json 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

1d3e8cac42691c9cb0fe2ce27b4f2ede67bf7ff24d4d60783aa84e497f4ced10

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:38:57 GMT
X-Proxy-Origin: 217.64.151.9; 217.64.151.9; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 532cd524-dbc3-477b-8559-afb81bdc60e3
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 mvo Show response
tag.1rx.io/rmp/233148/0/ Frame EA36 0
170 B 21ms
21ms XHR
text/plain 213.19.147.42
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/233148/0/mvo?z=1r&hbv=6.7,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 Utrecht, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Mon, 04 Apr 2022 14:38:56 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame EA36 0
59 B 103ms
70ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Mon, 04 Apr 2022 14:38:56 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 mvo Show response
tag.1rx.io/rmp/216476/0/ Frame EA36 0
170 B 16ms
16ms XHR
text/plain 213.19.147.42
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/216476/0/mvo?z=1r&hbv=6.7,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 Utrecht, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Mon, 04 Apr 2022 14:38:56 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame EA36 0
115 B 77ms
49ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
date: Mon, 04 Apr 2022 14:38:56 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 mvo Show response
tag.1rx.io/rmp/216475/0/ Frame EA36 0
170 B 15ms
15ms XHR
text/plain 213.19.147.42
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/216475/0/mvo?z=1r&hbv=6.7,2.1
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 Utrecht, Netherlands, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
pragma: no-cache
date: Mon, 04 Apr 2022 14:38:56 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame EA36 37 B
329 B 74ms
74ms XHR
application/json 184.31.84.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=435871&v=8.1&ac=j&sd=1&nf=1&t=900&r=%7B%22id%22%3A%2221039437a259ab9%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.7.0%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22dms%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22223f38abe93277d%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435871%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%5D%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22skip%22%3A1%2C%22skipmin%22%3A31%2C%22skipafter%22%3A5%2C%22placement%22%3A1%2C%22w%22%3A400%2C%22h%22%3A225%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%221005%22%2C%22rid%22%3A%22dbdcb587-1b4a-4e88-a61c-f2ad6931f999%22%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%226dc6ccdc-9eb2-4f7b-9175-c5016f7dc86a%22%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%7D
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-84-150.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: c4b29aab3e26c527455e248cb532bf1a0a7023b1ac608a03b5a9119c9b447234

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:56 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[217.64.151.9], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://threatpost.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 37
x-ak-client-geo: 12
expires: Mon, 04 Apr 2022 14:38:56 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame EA36 138 B
981 B 25ms
12ms XHR
application/json 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

cb08bc8ff90970ab6deb7e8e6018bc5dc8b9b48fb2d795ca40a5f2e5aca8c490

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:38:56 GMT
X-Proxy-Origin: 217.64.151.9; 217.64.151.9; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: f829d586-f3bd-40a4-8ddf-3caee199ec73
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 138
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame EA36 106 B
127 B 98ms
96ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=6f6ced51-f53d-4e69-b371-1b5637f812d3&nocache=1649083137906&gdpr=0&pubcid=6dc6ccdc-9eb2-4f7b-9175-c5016f7dc86a&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2Cdbdcb587-1b4a-4e88-a61c-f2ad6931f999%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A400%2C%22h%22%3A225%2C%22skippable%22%3Atrue%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22protocols%22%3A%5B5%2C2%2C3%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22maxduration%22%3A180%7D%7D%5D%7D&auid=540882779&vwd=400&vht=225&aumfs=250
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:56 GMT
via: 1.1 google
server: OXGW/18.0.0
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 106
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame EA36 37 B
329 B 86ms
85ms XHR
application/json 184.31.84.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=435870&v=8.1&ac=j&sd=1&nf=1&t=900&r=%7B%22id%22%3A%2227ff162d9edd0ad%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.7.0%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22dms%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22285ecaaae6ffb7f%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%2C%22video%2Fogg%22%2C%22video%2Fmpeg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A180%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%5D%2C%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22skip%22%3A1%2C%22skipmin%22%3A31%2C%22skipafter%22%3A5%2C%22placement%22%3A1%2C%22w%22%3A400%2C%22h%22%3A225%7D%2C%22bidfloor%22%3A0.25%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%221005%22%2C%22rid%22%3A%22dbdcb587-1b4a-4e88-a61c-f2ad6931f999%22%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%226dc6ccdc-9eb2-4f7b-9175-c5016f7dc86a%22%7D%5D%7D%5D%2C%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%7D
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-84-150.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 1e75cc0ac5751e2b840929379d0aaa51c843e75a328587d5dddf0a28d7e29087

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:56 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[217.64.151.9], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://threatpost.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 37
x-ak-client-geo: 12
expires: Mon, 04 Apr 2022 14:38:56 GMT

GET
H2 206 0.mp4 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/ Frame DA43 1 KB
1 KB 8ms
8ms XHR
video/mp4 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/0.mp4
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/157383/hls.5b3b785f487abbe00eee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d8bd1954d35c36441c577e571af12e327da0115465a35f85bca7f6976ad49dda

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Range: bytes=0-1361

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
last-modified: Thu, 18 Mar 2021 19:13:09 GMT
fastly-original-body-size: 1048576
age: 95784
etag: "0f4ba301101db680996746112d54887a"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 0-1361/5163990
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 1362

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 14ms
13ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1526084353&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&dp=%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&ul=en-us&de=UTF-8&dt=Log4JShell%20Used%20to%20Swarm%20VMware%20Servers%20with%20Miners%2C%20Backdoors%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAAC~&jid=2116329552&gjid=2121823530&cid=414288784.1649083137&uid=26686259351274717732467004971664565391&tid=UA-63997723-2&_gid=1122971549.1649083137&_r=1&gtm=2wg3u0WZ7LJ3&cd14=no_locale&cd15=26686259351274717732467004971664565391&cd53=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F100.0.4896.60%20Safari%2F537.36&cd16=414288784.1649083137&z=1334576417

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WZ7LJ3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 3846
date: Mon, 04 Apr 2022 13:34:50 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 04 Apr 2022 15:34:50 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 59ms
17ms Script
application/x-javascript 2a02:26f0:3500:7::17d8:4dd2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:7::17d8:4dd2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5d5cf5a4a5b7c02915bc261dca0c755d29beda0c0c3a005c78c1682c9934bb3c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:38:57 GMT
Content-Encoding: gzip
Last-Modified: Fri, 18 Mar 2022 23:45:34 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=50488
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3104

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 93 KB
37 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-9582686

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T45JW6B&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

13c4f723ff4f8b5aa306147c28f106786fc96ed76d50d044e1cec29c6ca89628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37612
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 04 Apr 2022 14:38:56 GMT

GET
H2 206 0.mp4 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/ Frame DA43 639 KB
640 KB 9ms
8ms XHR
video/mp4 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/0.mp4
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/157383/hls.5b3b785f487abbe00eee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1a125096dce20357e3049f8166f66af69a0e57f5f802696000ab095613703e8f

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Range: bytes=1362-656072

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
last-modified: Thu, 18 Mar 2021 19:13:09 GMT
fastly-original-body-size: 1048576
age: 95784
etag: "0f4ba301101db680996746112d54887a"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 1362-656072/5163990
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 654711

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 40ms
20ms XHR
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-63997723-2&cid=414288784.1649083137&jid=2116329552&uid=26686259351274717732467004971664565391&gjid=2121823530&_gid=1122971549.1649083137&_u=aEDAAEABAAAAAC~&z=305127973

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 04 Apr 2022 14:38:57 GMT
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 38ms
16ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 14:38:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 40ms
16ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 14:38:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 173 KB
46 KB 460ms
460ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2910071725585087&correlator=1769478660428361&eid=31065843%2C31066025%2C31066131%2C31066343%2C31066018&output=ldjh&gdfp_req=1&vrg=2022033101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&tfua=0&tfcd=0&iu_parts=22404337467%3A21707124336%2Cthreatpost-970x250-ATF%2Cthreatpost-300x250-ATF%2Cthreatpost-300x600-ATF%2Cthreatpost-2x2-Skin%2Cthreatpost-AdX-Interstitial&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&prev_iu_szs=728x90%7C970x250%7C970x90%2C300x250%7C336x280%2C300x250%7C300x600%2C2x2%2C1x1&ifi=1&adks=4166723991%2C1414505084%2C1356251026%2C3771495681%2C2643643476&sfv=1-0-38&ecs=20220404&ists=1&fas=0%2C0%2C0%2C0%2C8&fsapi=false&prev_scp=amznbid%3D2%26amznp%3D2%26hb_adid_triplelift%3D649ef9c6756d25%26hb_bidder_triplelift%3Dtriplelift%26dyn_bids%3D0.02%26hb_adid%3D649ef9c6756d25%26hb_bidder%3Dtriplelift%7Camznbid%3D2%26amznp%3D2%26hb_adid_appnexus%3D658737815267c6a%26hb_bidder_appnexus%3Dappnexus%26dyn_bids%3D0.05%26hb_adid%3D658737815267c6a%26hb_bidder%3Dappnexus%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7C&eri=1&cust_params=urlhost%3Dhttps%253A%252F%252Fthreatpost.com%252F%26urlpath%3D%252Flog4jshell-swarm-vmware-servers-miners-backdoors%252F179142%252F%26urlquery%3Dgoogfc%26contentid%3D179142%26category%3Dmalware-2%26contenttags%3D&sc=1&cookie_enabled=1&abxe=1&dt=1649083138033&lmt=1649083138&dlt=1649083134853&idt=1913&biw=1600&bih=1200&adxs=436%2C1082%2C1082%2C0%2C-9&adys=8%2C166%2C1211%2C8%2C-9&ucis=1%7C2%7C3%7C4%7C5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=728x0%7C300x0%7C300x0%7C1600x0%7C0x-1&msz=728x0%7C300x0%7C300x0%7C1600x0%7C0x-1&fws=0%2C0%2C0%2C0%2C2&ohw=0%2C0%2C0%2C0%2C0&ga_vid=414288784.1649083137&ga_sid=1649083138&ga_hid=1526084353&ga_fc=true&btvi=0%7C0%7C1%7C0%7C-1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js?cb=31066131

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

ced83ba438296fa3e9d92f901960a392c8b38fb43340f313075b4fabb7d5e3dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:57 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46921
x-xss-protection: 0
google-lineitem-id: -1,-1,5794835207,-2,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,138364590135,-2,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 43ms
28ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022033101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js?cb=31066131

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

88f81c0088519df10ba4eb33bb2141097a0cd0876d0f10cd815b9f2d27356de8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 14:38:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10702
x-xss-protection: 0

GET
H2 200 container.html Show response
1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5BB5 6 KB
4 KB 67ms
15ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js?cb=31066131

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 14:38:57 GMT
expires: Tue, 04 Apr 2023 14:38:57 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads_2022033101.js Show response
securepubads.g.doubleclick.net/gpt/ 35 KB
13 KB 8ms
7ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022033101.js?cb=31066131

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js?cb=31066131

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

44a8cce8245ffbf3521f20a0b4bc806ba35141e62483e48d5be7c6222a9b3ca9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 10:59:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 185973
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13197
x-xss-protection: 0
last-modified: Thu, 31 Mar 2022 08:37:09 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 02 Apr 2023 10:59:24 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 31ms
30ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=414288784.1649083137&jid=2116329552&_u=aEDAAEABAAAAAC~&z=730659727

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 46ms
29ms Image
image/gif 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-2&cid=414288784.1649083137&jid=2116329552&_u=aEDAAEABAAAAAC~&z=730659727

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1649083138091&url=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39138%26time%3D1649083138091%26url%3Dhttps%253A%252F%252Fthreatpost.com%252Flog4j...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1649083138091&url=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1649083138091&url=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&liSync=true&e_ipv6=AQLxf...

0
265 B

207ms
189ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1649083138091&url=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&liSync=true&e_ipv6=AQLxfqNghEgeoQAAAX_1A7-u9hD9yABJLQ__oTfIKyIBniTzPhgDwMi2W0Uxy26KxesD7_KuyQCF6TT8dTOEomi5rWAbPw
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:57 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: BF248D755FDA4C6DA3805447CA40B9C7 Ref B: FRAEDGE0719 Ref C: 2022-04-04T14:38:58Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXb1Raov/PD9QQUpxE28Q==
x-li-fabric: prod-lor1

Redirect headers

date: Mon, 04 Apr 2022 14:38:57 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: F11DA829B4244E239A3DBEBF88EA0CE0 Ref B: FRAEDGE1406 Ref C: 2022-04-04T14:38:57Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=39138&time=1649083138091&url=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&liSync=true&e_ipv6=AQLxfqNghEgeoQAAAX_1A7-u9hD9yABJLQ__oTfIKyIBniTzPhgDwMi2W0Uxy26KxesD7_KuyQCF6TT8dTOEomi5rWAbPw
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXb1RakhY/zEeCcIXOEwQ==

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 44ms
22ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 14:38:57 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 176 KB
65 KB 22ms
21ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-YP1JLG57CH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9bf299629ade28d230020a94cc540131e008b5957dde2899297a823a08289423

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:57 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66066
x-xss-protection: 0
expires: Mon, 04 Apr 2022 14:38:57 GMT

GET
H2 206 0.mp4 Show response
vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/ Frame DA43 613 KB
613 KB 8ms
7ms XHR
video/mp4 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.connatix.com/pid-c2ecd04f-0dca-4ffa-8761-d93b34717380/60764267-557e-410f-85cb-f102d92ee134/523d4fb0-4f47-4bf9-83cd-2b5c179a45db/0.mp4
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/157383/hls.5b3b785f487abbe00eee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: b0c35bcc511183abbaf158b20f6f4a85a54cf4353b4df88163dc9425d97e4ca6

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Range: bytes=656073-1283660

Response headers

date: Mon, 04 Apr 2022 14:38:57 GMT
last-modified: Thu, 18 Mar 2021 19:13:09 GMT
fastly-original-body-size: 1048576
age: 95784
etag: "0f4ba301101db680996746112d54887a"
access-control-max-age: 86400
content-type: video/mp4
Content-Range: bytes 656073-1283660/5163990
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 627588

GET
H3

200

activityi;dc_pre=CKPa5LTR-vYCFQ3eGwod4JsIHA;src=9582686;type=globalc;cat=globa0;ord=9027629594759;gtm=2od3u0;auiddc=457431537.1649083138;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Flog4jshell-swarm... Show response
9582686.fls.doubleclick.net/ Frame 99F0
Redirect Chain

https://9582686.fls.doubleclick.net/activityi;src=9582686;type=globalc;cat=globa0;ord=9027629594759;gtm=2od3u0;auiddc=457431537.1649083138;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Flog4jshell-swa...
https://9582686.fls.doubleclick.net/activityi;dc_pre=CKPa5LTR-vYCFQ3eGwod4JsIHA;src=9582686;type=globalc;cat=globa0;ord=9027629594759;gtm=2od3u0;auiddc=457431537.1649083138;u1=B2C;u2=no_locale;u4=t...

772 B
528 B

32ms
17ms

Document
text/html

142.250.185.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9582686.fls.doubleclick.net/activityi;dc_pre=CKPa5LTR-vYCFQ3eGwod4JsIHA;src=9582686;type=globalc;cat=globa0;ord=9027629594759;gtm=2od3u0;auiddc=457431537.1649083138;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F;u6=;u7=26686259351274717732467004971664565391-414288784.1649083137;u9=_log4jshell-swarm-vmware-servers-miners-backdoors_179142_;~oref=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9582686

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f6.1e100.net

Software

cafe /

Resource Hash

5a95f70525680f77a69bb4968a2ca81edf332895b85d6a6b1b978911a2c04fe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: about:blank
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 503
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 14:38:57 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 14:38:57 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://9582686.fls.doubleclick.net/activityi;dc_pre=CKPa5LTR-vYCFQ3eGwod4JsIHA;src=9582686;type=globalc;cat=globa0;ord=9027629594759;gtm=2od3u0;auiddc=457431537.1649083138;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F;u6=;u7=26686259351274717732467004971664565391-414288784.1649083137;u9=_log4jshell-swarm-vmware-servers-miners-backdoors_179142_;~oref=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 02F2 13 KB
5 KB 23ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 2516
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 13:57:01 GMT
expires: Tue, 04 Apr 2023 13:57:01 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F11E 783 B
536 B 16ms
15ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5907f9f9088c6415240908ea614d81cc4a2ae5e47a420ce07c3bf2fbc24913d5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-hR5a2HBP0fY+9kbwRwnM+Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-hR5a2HBP0fY+9kbwRwnM+Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 14:38:57 GMT
expires: Mon, 04 Apr 2022 14:38:57 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H/1.1 200
OK mq Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame DA43 0
315 B 108ms
108ms XHR
application/x-protobuf 18.118.192.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/mq?v=157383
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.118.192.126 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-118-192-126.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 04 Apr 2022 14:38:56 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 13ms
13ms Ping
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-YP1JLG57CH&gtm=2oe3u0&_p=1526084353&sr=1600x1200&ul=en-us&cid=414288784.1649083137&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&dt=Log4JShell%20Used%20to%20Swarm%20VMware%20Servers%20with%20Miners%2C%20Backdoors%20%7C%20Threatpost&sid=1649083138&sct=1&seg=0&en=page_view&_fv=1&_ss=1&ep.pageType=other&ep.businessType=b2c&ep.siteType=Default&ep.siteClass=Websites&ep.siteLocale=%5BNULL%5D&ep.pageName=websites%20%3E%20log4jshell-swarm-vmware-servers-miners-backdoors%2F179142&ep.campaign=&ep.acCampaignId=&ep.omnitureVisitorId=26686259351274717732467004971664565391
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YP1JLG57CH&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:57 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F11E 0
0 47ms
47ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022033101&jk=2910071725585087&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 200 gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 02F2 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 10:24:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15280
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13748
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 10:24:17 GMT

GET
H3 200 dc_pre=CKPa5LTR-vYCFQ3eGwod4JsIHA;src=9582686;type=globalc;cat=globa0;ord=9027629594759;gtm=2od3u0;auiddc=457431537.1649083138;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Flog4jshell-swarm-vmware-se... Show response
adservice.google.com/ddm/fls/i/ Frame 648E 771 B
526 B 59ms
44ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CKPa5LTR-vYCFQ3eGwod4JsIHA;src=9582686;type=globalc;cat=globa0;ord=9027629594759;gtm=2od3u0;auiddc=457431537.1649083138;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F;u6=;u7=26686259351274717732467004971664565391-414288784.1649083137;u9=_log4jshell-swarm-vmware-servers-miners-backdoors_179142_;~oref=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F

Requested by

Host: 9582686.fls.doubleclick.net
URL: https://9582686.fls.doubleclick.net/activityi;dc_pre=CKPa5LTR-vYCFQ3eGwod4JsIHA;src=9582686;type=globalc;cat=globa0;ord=9027629594759;gtm=2od3u0;auiddc=457431537.1649083138;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F;u6=;u7=26686259351274717732467004971664565391-414288784.1649083137;u9=_log4jshell-swarm-vmware-servers-miners-backdoors_179142_;~oref=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f5376706e5e6bb357e3e7e3443686d5e028afc1c1e67b5ceecfd0e4d3ce63d00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://9582686.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 503
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 14:38:57 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 s24865716059271
kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/ 43 B
244 B 16ms
16ms Image
image/gif 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kaspersky.d3.sc.omtrdc.net/b/ss/kaspersky-single-suite/1/JS-2.22.3/s24865716059271?AQB=1&ndh=1&pf=1&t=4%2F3%2F2022%2014%3A38%3A58%201%200&mid=26686259351274717732467004971664565391&aamlh=6&ce=UTF-8&ns=kaspersky&cdp=2&pageName=websites%20%3E%20log4jshell-swarm-vmware-servers-miners-backdoors%2F179142&g=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&cc=USD&ch=websites&server=threatpost.com&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=other&c3=b2c&v3=websites%20%3E%20log4jshell-swarm-vmware-servers-miners-backdoors%2F179142&v9=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&c20=url&c29=v1%3As_code_single_suite.js%3AtrackPageView%20%3E%20sng.t%3Ap&c30=v1%3A20220404%3A288%3ANextGen%3A%5BNULL%5D&c31=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&v44=D%3Dv3&c47=Default&v47=D%3Dc47&c51=Websites&c57=%5BNULL%5D&v57=D%3Dc57&c58=Log4JShell%20Used%20to%20Swarm%20VMware%20Servers%20with%20Miners%2C%20Backdoors%20%7C%20Threatpost&v71=v1%3APage%20View%3A%5BNULL%5D&v113=26686259351274717732467004971664565391&v116=414288784.1649083137&v125=0.8148885117554892_1649083136449&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&AQE=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:57 GMT
x-content-type-options: nosniff
x-c: main-1637.I660130.M0-562
p3p: CP="This is not a P3P policy"
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 05 Apr 2022 14:38:57 GMT
server: jag
xserver: anedge-7b6f4bb9f7-85szv
etag: 3541379072736460800-4619847699268960951
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Sun, 03 Apr 2022 14:38:57 GMT

GET
H3 200 dc_pre=CKPa5LTR-vYCFQ3eGwod4JsIHA;src=9582686;type=globalc;cat=globa0;ord=9027629594759;gtm=2od3u0;auiddc=457431537.1649083138;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Flog4jshell-swarm-vmware-se... Show response
adservice.google.de/ddm/fls/i/ Frame 369C 194 B
199 B 59ms
44ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=CKPa5LTR-vYCFQ3eGwod4JsIHA;src=9582686;type=globalc;cat=globa0;ord=9027629594759;gtm=2od3u0;auiddc=457431537.1649083138;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F;u6=;u7=26686259351274717732467004971664565391-414288784.1649083137;u9=_log4jshell-swarm-vmware-servers-miners-backdoors_179142_;~oref=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CKPa5LTR-vYCFQ3eGwod4JsIHA;src=9582686;type=globalc;cat=globa0;ord=9027629594759;gtm=2od3u0;auiddc=457431537.1649083138;u1=B2C;u2=no_locale;u4=threatpost.com;u5=%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F;u6=;u7=26686259351274717732467004971664565391-414288784.1649083137;u9=_log4jshell-swarm-vmware-servers-miners-backdoors_179142_;~oref=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 177
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 14:38:57 GMT
expires: Mon, 04 Apr 2022 14:38:57 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 02F2 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?pt2Htw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 container.html Show response
1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1AEC 6 KB
3 KB 22ms
7ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 14:38:57 GMT
expires: Tue, 04 Apr 2023 14:38:57 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BF34 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 14:38:57 GMT
expires: Tue, 04 Apr 2023 14:38:57 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 bl-39123b0-71ac0870.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 9CD9 46 KB
19 KB 18ms
17ms Script
application/javascript 108.157.4.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-71ac0870.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-6.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e2835af998d5ef885bfa14a1b1995c7724d5b6a76f545b4a491763bff6f0dac5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 00:38:22 GMT
content-encoding: gzip
age: 223236
x-cache: Hit from cloudfront
content-length: 19393
x-amz-meta-git_commit: 39123b0
last-modified: Sat, 02 Apr 2022 00:31:19 GMT
server: AmazonS3
etag: "27a611307893faed4f77b20bc9c527af"
x-amz-version-id: ciXDgJvjDfKJZB9C8XzODN3O2B85Zno7
via: 1.1 f97c9082b750957571bc7e3354a4f4a4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: ahGuQOouC_XVsl0UKsQjVJWP8mlSzkAAJF8ashzmf8ifq_N7PkHupw==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 9CD9 73 KB
28 KB 20ms
19ms Script
application/javascript 108.157.4.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-6.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 05 Feb 2022 22:56:33 GMT
content-encoding: gzip
age: 4981344
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 f97c9082b750957571bc7e3354a4f4a4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: h-EWKj-XplI3hGc_fCzcKjv4ikjpkkd680tQGKMT7UmYjyaL7AqcHA==

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 9CD9 156 KB
53 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03017a7aab8674379b497b5937709b397d8f2353fbbe9af6e5b698ed8d7dca89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54062
x-xss-protection: 0
server: cafe
etag: 12656743930516401529
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 04 Apr 2022 14:38:57 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9CD9 119 KB
36 KB 16ms
16ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 14:38:57 GMT

GET
H3 200 container.html Show response
1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4072 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 14:38:57 GMT
expires: Tue, 04 Apr 2023 14:38:57 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H/1.1 200
OK g Show response
capi-tier-2-us-east-2.connatix.com/rtb/ Frame DA43 0
315 B 111ms
110ms XHR
application/x-protobuf 18.118.192.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/rtb/g?v=157383
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.118.192.126 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-118-192-126.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 04 Apr 2022 14:38:57 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H2 200 bl-39123b0-71ac0870.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 1AEC 46 KB
19 KB 18ms
18ms Script
application/javascript 108.157.4.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-71ac0870.js
Requested by: Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-6.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e2835af998d5ef885bfa14a1b1995c7724d5b6a76f545b4a491763bff6f0dac5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 00:38:22 GMT
content-encoding: gzip
age: 223236
x-cache: Hit from cloudfront
content-length: 19393
x-amz-meta-git_commit: 39123b0
last-modified: Sat, 02 Apr 2022 00:31:19 GMT
server: AmazonS3
etag: "27a611307893faed4f77b20bc9c527af"
x-amz-version-id: ciXDgJvjDfKJZB9C8XzODN3O2B85Zno7
via: 1.1 f97c9082b750957571bc7e3354a4f4a4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: eLvPz_bcrrRUf-zdZXrYSt1xGllR5-2bHmh4qqzEgTWOwV00eq9DxA==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 1AEC 73 KB
28 KB 21ms
21ms Script
application/javascript 108.157.4.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-6.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 05 Feb 2022 22:56:33 GMT
content-encoding: gzip
age: 4981344
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 f97c9082b750957571bc7e3354a4f4a4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: LcGFy3EP3MLy-gQ_TRrIulUKxI_pUwvAyHRwnjRqYG5TMACSr5BLRg==

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1AEC 42 B
63 B 59ms
39ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CVXs7bvRKJxwnrETlADoHNFEqxDoH9nHj4LmroEt7sXX-fnMaYP6Tt3Ud0pg3yBf3ukLPuM8tKBmN875yZggPa_pJHHCpaVQIwXNxONzH7kmwnOHI

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 1AEC 2 KB
1 KB 18ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 208
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 14:35:30 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1AEC 119 KB
36 KB 17ms
16ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 14:38:57 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 1AEC 15 KB
6 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 14:38:52 GMT

GET
H2 200 bl-39123b0-71ac0870.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame BF34 46 KB
19 KB 22ms
22ms Script
application/javascript 108.157.4.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-71ac0870.js
Requested by: Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-6.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e2835af998d5ef885bfa14a1b1995c7724d5b6a76f545b4a491763bff6f0dac5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 00:38:22 GMT
content-encoding: gzip
age: 223236
x-cache: Hit from cloudfront
content-length: 19393
x-amz-meta-git_commit: 39123b0
last-modified: Sat, 02 Apr 2022 00:31:19 GMT
server: AmazonS3
etag: "27a611307893faed4f77b20bc9c527af"
x-amz-version-id: ciXDgJvjDfKJZB9C8XzODN3O2B85Zno7
via: 1.1 f97c9082b750957571bc7e3354a4f4a4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: EX5CJDFwPOGLw1qMWZvdsC2gFIIyeaBdaMfn9aOS2cVd-KRLboVpoA==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame BF34 73 KB
28 KB 25ms
24ms Script
application/javascript 108.157.4.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-6.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 05 Feb 2022 22:56:33 GMT
content-encoding: gzip
age: 4981344
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 f97c9082b750957571bc7e3354a4f4a4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: amaiHCPWUPWam0jkz7WReJmLuad9PqSDkPDs3NvTC_P6Rrql17dtxQ==

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame BF34 42 B
63 B 52ms
40ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BNyJ2KsIxV_HnGGKxqbYwDUpv3qDPWoyzO4bwlt_-1nUJhQwon8AMMbuVDr1UVRzjzJdnzlo7dE3iulfU-5HjQaLrWWKXLjRuuKaZGK285iBeXfpg

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame BF34 2 KB
1 KB 18ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 208
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 14:35:30 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BF34 119 KB
36 KB 23ms
23ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 14:38:57 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame BF34 15 KB
6 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 14:38:52 GMT

GET
H2 200 bl-39123b0-71ac0870.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 4072 46 KB
19 KB 20ms
17ms Script
application/javascript 108.157.4.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-39123b0-71ac0870.js
Requested by: Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-6.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e2835af998d5ef885bfa14a1b1995c7724d5b6a76f545b4a491763bff6f0dac5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 00:38:22 GMT
content-encoding: gzip
age: 223236
x-cache: Hit from cloudfront
content-length: 19393
x-amz-meta-git_commit: 39123b0
last-modified: Sat, 02 Apr 2022 00:31:19 GMT
server: AmazonS3
etag: "27a611307893faed4f77b20bc9c527af"
x-amz-version-id: ciXDgJvjDfKJZB9C8XzODN3O2B85Zno7
via: 1.1 f97c9082b750957571bc7e3354a4f4a4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: dZ3NURXFptzO-TOuifQrHBzRjq5aVZDvxAPp0Xy9FWst11yoDvilJQ==

GET
H2 200 b-7b120a5-9b871d4e.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 4072 73 KB
28 KB 22ms
19ms Script
application/javascript 108.157.4.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js
Requested by: Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-6.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 05 Feb 2022 22:56:33 GMT
content-encoding: gzip
age: 4981344
x-cache: Hit from cloudfront
content-length: 28179
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 17:49:31 GMT
server: AmazonS3
etag: "c42a7ac1ac405f3f0cad04305cad5553"
x-amz-version-id: HCJNSpgvHPkSF2.YDap.Qx6PnxOllH79
via: 1.1 f97c9082b750957571bc7e3354a4f4a4.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: mJCOghS0Li8ErorYmD3fl2BgoxcOrvYASEapXq5jYQhchwPjoq0ing==

GET
H2 200 css2
fonts.googleapis.com/ Frame 4072 4 KB
1 KB 38ms
16ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 13:37:43 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 04 Apr 2022 14:38:57 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 04 Apr 2022 14:38:57 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4072 205 B
229 B 25ms
10ms Image
image/png 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 21:38:16 GMT
x-content-type-options: nosniff
age: 61243
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 03 Apr 2023 21:38:16 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4072 604 B
628 B 24ms
10ms Image
image/png 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 21:25:50 GMT
x-content-type-options: nosniff
age: 61989
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 03 Apr 2023 21:25:50 GMT

GET
H3 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/ Frame 4072 19 KB
8 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e11dced993be3d8dc0b83a9532f0423d64ef189d577b91a7f9794b653ba435bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:11:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1645
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8226
x-xss-protection: 0
server: cafe
etag: 11792478805792993122
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 14:11:32 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9CD9 0
0 43ms
42ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuUWOFT3BnV_Dk0GilT4-pBvpmHu9viTgxDJVVx3JEh5Ig81dakX0YR6dq3ml3ztuMp5U9UDwP8RDb8ZdaiwOUI57e45sqsLJNP-bGxyZEPAiqIx8lawCTI19XgvXnla6PyaKhV6pXtTfhOW4YZKKpUnCY_hc_u7S3oGUx_iWjB_MKPDoBNmiEJ-KkP5ZSayc9pLaaK4U5r6OTpsFufxvsQwxT4aEiYzfZLaOyaPg5wVgXLJAk5p8NAhmMRmDGD19VeJLbxacPtTzvlaj9TNI_iQHzwoXL0oh5JO9JoJRRyawSS1wruQJCaZ7aIN0IRkX2GX-wx&sai=AMfl-YRSJqr6mZM7TJWXMd20CHAvK3OxNE1Ohhd9-w3rdFBoJEVb37uvI2MI7tsKrQU9cdknENYWu-R6xJnmfW95qoSPdd9GBORB1UmI8uOQ&sig=Cg0ArKJSzJveDnQ_7gaoEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 14:38:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 04 Apr 2022 14:38:58 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 78ms
77ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022033101&jk=2910071725585087&bg=!MjGlMXXNAAZku-1yRLs7ACkAdvg8WvRcKW_WNnQ2R3ZZySNlUPVVIGay5gVQpJyawmPzK13ZNzNRZQIAAABuUgAAAAhoAQcKAIPLFn2jOSIdrOMLuZeBuImrLxZ-oMCQAKzFoDpejtFX_saYi3WjKH4nt1ZV4UH9jHyTJGq4pYZcYatFPGQt4e_ORMxWyQ9MbSft6JdivyMv4bdAXpL9-V3CdBeEVIGrTWwT281PTK1riMAQr-YP3EEzq2PJSpcOxUw9xhLBtHNFhdMT5pkC6DWffyWPBI6Zc2M2RnYXzqterarff5CmmJEKCxrkPuW9vDbjIObegLHBNJlUuVoErHhVULkDyw9AapBwjeG85InsYJhzWDaKsdmztWy3tcWn1k79IWlPUDIVAX6kEG6fYBeb9TBY1iDAyTve1dAvp63f8jimcxkH5_TUN0pNZyhuWh8EPmZjJb_-pa9VI8E2r91RNkva8xH717d4k2HgamifPaWBHxEA4eYzBdApCqT6CBhtI9e6gU22fxvy56bjwjZ6v1AL4SRPuBZgKoKT2rqbYJoGr1VXCmyJW5308mWaxtyaoMhXsRc1YSxbCg5WHPX6hTh88pjUPeLqxn7SSZd1wOXQzozdgGX9FIWBxhSXIe89hroiC5Zu6J11fxWX3rlA5zyxAux-ToJIYYeZM5wzcpfZSTAPbzqqSB01jlZkkzuvUiz2GhBg3h7mq1pHY8jJsty8TagDhBqEC5XLDPCPy9oJz7YQ6EdhEoxeZpu5ISU1voayjrsNZYrczvMK42BLka7XWLScTF6AScnuF6nmStsteJjO3Kc9P4KekqbSiF3FnS49rTBsXm6XOqDvNe0uHK73Mac697hj203OcJH0NCFb0DciKt29dWNQZ_oQR-SWVVIsIlGRt1y6Q0CFC-TqNbS2jZjTcpQcgOEyEQAzi3OeHu8vF6XpL4hxrU6PUXKY6X1q4iaqeYutQRvgNwGMZpaPlQH34ca4PkQ7sm3FgqF49iSrguyLMD9YLdb3kc_EHf5KJDaBMQcSeUJOH71K_OO5l06USsCqXU5EZBs4uWZhr9cWgLFuhNrFKc52qWNzSSGWepVg1S_X657Ra6SKzpsKP6-uymfL24U678EIYgJcKkVcmEAcywwDpSYvpBNayq4YcPh1lqvmwppb4YPrBTGW6O2f84JuLoi1O1x3Ihd-3nvmB66q0GYlYinzFK2_ndXMHe3o96UTMmwf3f3Xb_xs6P_7KtFR8Y2GbSWcjsfbFn49Qw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 9CD9 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 49527660dc4019ed37886618914c14d12f17feecac844e0c3e9979f553340977

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203280101/ Frame 9CD9 300 KB
107 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203280101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7500593236707325&plah=threatpost.com&bust=31065971

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca2b7ad3d597f6421ce95bb02b8305c5675428fda90484ae183435edd5332f34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109976
x-xss-protection: 0
server: cafe
etag: 3208720650692323884
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 04 Apr 2022 14:38:58 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220330/r20190131/ Frame CAF4 10 KB
5 KB 38ms
6ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220330/r20190131/zrt_lookup.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 54749
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4502
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 03 Apr 2022 23:26:29 GMT
etag: 4044455266028820542
expires: Sun, 17 Apr 2022 23:26:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4F43 645 B
306 B 34ms
18ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCs8_wBGOuk5bMBMAE&v=APEucNW9ZxgUq_aVQr7OVuRAJUN7n5AYX_RHwIUjRk6EtMWe2JdSKqkc_e08-M8vmNA0RTS_1y7poYCfJadGad9QQDd986MVnKHNhAP23bQBVR_t7_t0EHU

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a08acd55bb001aa85ced7f4f93a4a1446ca18a17689e872b59a9da81ebe0cd45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 285
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 14:38:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 1AEC 76 KB
32 KB 53ms
52ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ADEPdfcBHGqE2nNadTraYYarTDp0REXTK7Xr6UfjQs65ZqXSanSJklsN-y9rZIsVnFueU1q5-a55mZpTaG-_cvRoinm1CNLcjI6F6IEVdC0-LMYbATJkpIIw50n-5-FPx31RCIZ-ETPXXscW2pNbYc69YUvw&dbm_d=AKAmf-BB1_axGOxlmHI2egW8u8N-Dmi4kDC_owQEGrQUU9KAphjYYQk8Goe7qdU_l3H6M2X62ioEJjGmEp481zw02C6qeESaqSEol39m4v-QaEq6KzmgI-FfoRyd0MNoG9fEwp8xoo_vu_YChkSBaC9WWQ4iMRJTujUv3kzeT-A6TguR4dz1VuUzEo0SPlBc2Br1kh0dPWMEpzGpxTSku61FRRj8KqPsAWstTdcuyGRVc5pvyRqWlhQ2Bi70uJy80ZBUSi5syiY4VPjgSfq3dQxtsDVgT-X8xsNWLnc2Cvn72k4jODkm7tmEMtOtObwuMksKgcOS6gdkD57xysBBNUSDWg4TlWNqTUi9wSQ1V9DS00BoAQdiTEX5FBmjwwwy9cLoloZJNHo7VAoUjg-JO5fW4_KpfrUcChibg3aJdcofD83gSVfoOhWuYr3ZNl4DvhYTmxL_tli8zaDnwNQDKZdi6lPt8GfNLSS_whvY4NE5iiMyXucGETt0EqVNR9w_Pu1Xm0wBknIaAw_YJkfHoovxsPp0qWA1FWeI_Bo9m6ZswAZlDoZT4hJEjvzw_ogVnafPn2mS_9E3Npc6HQp310hvnKcunPmereznehEPYsfD31G0IOkNujmJquZnS4l6EYqE0y-Wu23hrhwND3TzIgiXtLIHAdmvNgBOcaKYRox1U0o-M_-OH8zjLWmkkNS0Y0AbBWJL37_GiPburZKbkFIVpQqps7WbWW2Mk04IWJ7TARAEqDsRZi2B6dqqRFbCfI3mqYTv3SIeD0SdXT2Tjgqm4kMBtiWfblQakpIj4BdOlZrRVi1jF0KT6eCGL3Ziy0DVNtSDbnXRgx597HK4Ot2YVY3fuh94i0IaeQhf857yPMJr7eGDGqETxtTCzhfT6jWV_vEodKtnTwQkp2VGC3KBCJS3mHOepZw2hYFiZ8LAInWtoYZ1eK9WULmRTGhcHbOHBO-rjdghBJwyN8szcrIkA2kMj0giSrHrpiqXBKAscdeAhnCjC1K2shEp_-Xs9hCA4jDBpkTI_4DImIEVJlVbXIpJw4ldtdUrX07pbsl_Snc6kQFKnlx03k_IjUSYZbQCkw6UXXoj0-8tjAef4wZUgTeqGmNq_26aoFFqQMHtMXPaNJdVgv6GTw1dr2b_GN6G_rimJRTFLXBiosnEr06e85_149lfduWBCBTgWyMoho3xPOZp8J2qN1m7nck3rWEr1njYUZLvT70HmTuJ1XD2u8jhw4aM45P3-d5g_SfvRNJv0OJAnMevBiiLh9eo0d6uUv7vLkmyCvL-7zRtFDbc6h_IkLbUs04lFa53N9hIV4y5MdrbcSc6MRBuqfkGvayecGT8F6jU2eXVgQiIJWG9R0PNcrEF74IlrF2GmpXniLkQuHD2el3jrKFBiJrUHAoBeuecCknhQyQUuL4hv63GjJSe7r0nfrnlUWt02B3yetKwjuhufqPYhD98Qb0nMIGlHdlg7rBdR7Y1jAZwJB1yeclh_BaZD8xnGqvfk8KM5bMljaLDUunbPknnyareGtEARrFE91PSwPhkw6kt-Krmq2PTz2OBdRuyDS5D_tq2vP6Vvy3roPaiTBwVB1HLcGGOzsax58Cly-CY015pAWlMUX5i_uj_JVA1TEoPxHcckV6Sp3uZ_co8G3HY9y68eqrmo6SBN7UudNjIYbhpdnInGNBOBmecCZ_ZO5ehGWzzGdLLVSApAYKGUOQI_y8pGqVBF1XNQdeLuIc7kc-GmwihszQasqd113Loho9LxOaOc0A3_M2YQWfTmwLIrSeBrQdFTG8BKEt_5Y9jzzZU2EHrQpfrIxcb631bgP-m4Xyu4z78PELRU2tBUB5-36VTCXM3e-uhEomlv5RciUw6SVz94khZM0PcubD-7OKmLiT25B9pfIdvJS3L4F7-2Q-HZ1wUk9NbFgIxXIMyE9x1lyu-I9friZ8Jd2y9Hivpot-gWecxSgyWBI2Y9FlPjsgqW5yATIHtL8x59fvwMjAqb_7ZolRfpT4JRbW7CKGnsJJBmEbhBjzbinv69G1nRgJNlheyBuyYlf-lsVrDrKa3IuBHsBd1nEienOjMaeHmC_20j6s5a8VyyqQPbZQwgLMEMrMQGoxz1LEDFBNYKTYNZdu_3HQL_COtYOo2RO8H-MLFr64U4rYhLxDqnrUaapgZfpE8fJm3qEolE1wWVL_SN_Fov809fgHd8LDXsQXnOvf5nYfmeeCqJgNJiNd-yBSbzLU25J8HdKt8tZpTStOmli06F74hjK2t0oiJRGZXtLm15MBrFaNpcQcPHJYW0Ba_5JMq3-opRBS25ancEEZQk1i6Vax6jaa8DgrXrtX9C31-DWUlkFpsHWvzfkq8OsOyddMFTMpvsLFA3LS4ugJWXtaBuvsyoRgZyGG2QInKxM2PAR-za_4l1TAEJ_7W5vd6A0IrTJKzjgqz97aXL5VdmQuC-zcSedwUCO7hMAq3fo9_fVuK0lAhqq7rNvMBYjcY5uCcZl9O8gfQK0X5GaEOnovM-8bsfr-GBwSKDTnNIwJvLxi3a8HKAlnu2CNLubp5bJbgBT2kfey48BeHbAINp2drE_Do9_jMsZLIKetUmOycJKG4MHPSBDyZ-MYgKIAo6YK7j6W0pyIZDUfySp4IjaZFKshcwcVVNPP8BzEYneFZJzH2rJSy8fMZZPWVcLtbVVP8-YbEIcO3ACYG53K8zXe7ArNgQL51B_XN4wk54w0S6dv_55qLukDQ6lin__2gkZUa46X2SbObPaFqF7xjNQzLyIjLKcNDBU5L3KpsXNhNteTLqT51DGfhpDePN0pkktuO0vzH1Q1bPfGYRmIhWXgTRL_z2s7hLETUpU_6YVPwmORi3RMwtL4FrLIhfs2PPnSbB_WbqS3f7zyEpA2BXD0RUn26c0VlmBTohGIV-IrRzQHbwdC2Z32rOOHRRAnfcj0T-8HSjYhgt7Y0mAXpakHMqZKs5ZuwYo3qMEdN9dv5uTE09ktddQ4zyGG2lj3xrQzVeOcMbCqJ5S3a0ef6COveqxNy9lZzfidGz61gJx1iO2AVgnqbhIimm74xqtD3mcc_Ebm97k_le0uWfMBJEcc1kzFSfLG_gSf8yaJ0sEwnCO2sbE2oB5q377wakOlabfAKFwTR6Sy3WL1q2auOYNFvmWHB8oByNIoxjqrA-MoQwW5MmqE5D53aoaAcO0qklI4hxPWDFgmkY30xkVBaYVorOhRD87IwnK45Ao8gDU48PnjydwcHa8fCIA9VkYpuRA18hUwRVbLn&cid=CAQSLQCNIrLMvt3QtSjydfa0Am1XU3Y6GhnfqV0SISrUEZ9E9wlM39bYayaTtssddBgB&rfl=1%2Chttps%253A%252F%252Fthreatpost.com%252F%240

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e57b56fa699c58aafc383905dcb6f68910dc0a5cac26b1ab0a4646216c1f2f83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32870
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 176E 668 B
325 B 24ms
20ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGMjCiqcBMAE&v=APEucNVyLcSz0LPHVqwsfq7fF58gCnA35A41ej1lM1h6hSGB-vesKZJ6_ZSSl6mywP-wdVoUq_kRi7WkkAU_dMw4I9Xm1ZAwOCRFHeuk-8NdwR_bFfqd7x4

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8015a89c7e50b71a6597cfc7bc2be462212ae1f57c37e40878a79e7550768ccd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 304
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 14:38:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame BF34 77 KB
32 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DqTuRn-RysrkdqcO1jg764aAn0ILbT9rAfjjyr59oXnaYiu0WrUdeSoC5DaLmvSQ1JgnMU1Dmn-vlBwESU3iI0OLhcUIUeDdL5UuOjX2GRTLozEIaUuDg6xBlHwJ-Y8oezXM49g1NS7uR8FWoGXbGZ_wTUnQ&dbm_d=AKAmf-BObULkPB8qrJ2ky6X5wx2z0cKnF4zqeuNGkRrG38ZjdR87VqaFyR_uLCnafejAg-3v7F3FA0pB1wXMAg4IhnZ3qBPvmRGs7qLOo4mvBTPeuRyfoIVQHrb27qn5ntmWfONy7b716ihAPfwkYP4u1-_spsCvlJXTbfaWyK7yViVBthZg7xp91TTA-wxQDFS7pGRnFN3nVXyZBDLcNJ-ZNpKtJCY63SNH2-SfpCV2RoLJXJ4L7FsEHg37R8q-zIJ6pCrE4uMl7ISOqNwmys4Fs3Q5DZIvlNi6fiELrv_cemIGzCxwKsZU_zaSXi2kWVNJ2SyOaCxatr9DcgHXEdgzb9g37D0R3n2UUJHZIU18JiujHP1zYVhvkdlW8CQW1d0iN7paph410hAvqfd7x5BQyJif5307YWl69m1nTOOtcPaAPHgyYj9VWfcAByJHKNRhvIXClA6liS46flfOIDgn6nCC8jdAsH_Wnp9PfgxFF8EgMkt7_NaPkUYBkrZEOC8VVrBnR03UXe8aox19k1zC0lEiERMxiT6WrCO1rb4s6aKK0-kEJI0v8I4xn3J-cz-ztByphsFgb7TnCA7P-cZMwxrLfHt9t5BepwNjcLVTEWZxdCyTcpf6MEY8xxyQkPl2KxBmXxcs_WFqpVUPtPXx-X8xiZGiHrlAwAZGa84gbURSb6GYy56LF3tbweRGebd7Qd-piF9BFKNQy6gbpZBSuLHNLpSffPUInIV6ZPDadHBy69O8IjnPaNlIAq5mgsP6KfKbcRlb4IXG0TE7N2SzUSFqs-9oL-9D803WiftZE2j0AJecgq4T4dmYEUIsoudwdAvNRQiqGX1VYZhouEDhsMB_pRF-zFDHRD67MgHXY3ZjsJTlEYAFPJyuG_2ptu4HvgR7yZ-8r_jhuUsdPbMo4CR8qw1RRYTX-8C_Veef3iJvcV61C0EgJ1JdIV7m6vJKNBnahaPfa7lbdG1zS3irYqpcpQTht9bBgYcW5bT4ueh_xQVaLuil2owdKpqpCnYEIsO7G74qQsH7trZPMPOeIKpW3kqJtlJtFmdtbRMLb_ijAJFNNGYahHVbKLfV9x4axCpRz-3T0koZHwnILORjwkpPZarvc9Nkd5DKMciwuEQ1aKa4IKa9pMe-cKq_6bWuaVzf8kNvH2JV5pSje1dqhVoEtXar0OUNfRIX9Tx5DI91NkgD4RVp4s4MEsuUqe8h6cHM2apIlUSWS0tdIHeQwNHawkOjI1tn39E7xnpNOR8_ao9mv4hIQCvLCHDSzFj95-v1LY2pBV4fzr8_65ENHB4YwQwfClh4NHIOZdgrOYNXvYrzlFNSn2B2H7CSeb3TndzC9vcmwPVH3aHqeouMyuXnCIx4AhhlqWi79kqs3bOaREQs7iRaDSKWVHE5grDTsZy3rB_CipaR1oC_NGb0XxJhDvcPYPSRm50se1A7d4a4QxkW4phEe-kpaH45nclt-Wng9NWmX5IfD21hPpdE1mtIf0y5DoHQyErDYMTWSymeRRyQH6rR-HkD1bnNffb6LslCvyucIap81P_IpvM6F1A5I-3fVzr9bEEdMwiXvTB00fFEEmkqWwoZKSM7Y9azd4TrAkN_aHQ65rz29RB2H5x90D1_77LDHlWyY2wscC2G32PGaFDZ-nn7LyPqu0fU1kLWyi1grLGcZQU2UonlkA5LU_-CFnaR7AC-3msQAJXWjIb6zHe2OqP_noFs2UAhCDqvaYppOZ_Qr5VEtKmNLBbvc7K12BM20d0MXuHoo_aRGxSEFddgwi1zFAbLDdAXkXGoDALMUizHlxUKbDYoI9Wyo6ldqzypsVzZhe5n-w5pn5BZ2es10eiRdRWj5QXiGvXX9Y31Y1Dihok3pKzptFbJ6IdGhgDOIQqoPt6l1kVud_n-C4VCcRbc1vXS7_sHQJUPINtgAnIPB12LO7uz4OopMM6eaj7vCNifzI-LU-96icoRCbATpeKYfpkdKqLr3XTkevx6fU_NAm3c3m8LTd3bA1tYKJ0cFUGFqFy86RimrdncCGHagSls5uGZgCQDogahsCwwyM__9hpuppTCZyb9Qqus6qIcqu-lnUnaZ_LhetHHHJ47oyv5q60Pw2ICOyXO5NtG_aQs94thR6bOlPc8O9BKj9YG_mjgGtp7on3os49jfF3rZiibaYk3X5H222IomdQ4jmcXZOds-g7F8ISI2TQZi93OCP7fuzVWHmX5sq3gsgrLjRKDJnSy78WNSGeElpbxCpOCAzGFrKq-ufZfenCAGJ_pd4xm-pSsbtYcwzwrNY8k5j4EwZoRPW3oV2u05AbHQ19xR0qAHKUjYyQHKp2afGlZcRHQdHNg4vifAX3JruN1Er8k6VRt00QEHnUMH4pfDbniZ7riBIMF6WLf-5Y7SADy5XKs4GoMYzf8KpRIOtQOvosAbaP2Dsl9yLraG6BefhJKs2ezkKWDa_L9alxR7u8mTcCtzJdJhLhurb9ydpwZfkIY3GKtvAbJx5BFd5jhLzuNAMW--7QHGnyv9TiX-M5KHOWFNnl3FtUdhKRo-DVA7x-5CN7gb-uyryPG0JoZtHKoit2F9A2leQ_jOxfjoFYzOVpWZKk6M-dd5SGBN8-ChohH3qGQHT8ebd9usOTdfoejVUevF7AQhHFXlQxGGTQDrtGCSKZZzKOyYwuYzQK2nsVMdYMlAy5-iKWLqF4UsAU9K3GkkVgABPSY3F7yxe3hpOh0qQBmpnxAh37hDHVCrFIU2rg7eqPe3l48Z0VZLizUjfwE1Oqaf7U2-ln2VKOxX37g66RjBl7ULdg4sp27czcn2rlWx42Oko5LiejN1k8szuxLrr1ilUYDZOfAvQZvNsMseB9OZvKEFy6-xQ2pqFpmy5lEvxHdz96q0jBnLgBt30clcpMWf1ivyo7u3Av3-taFYTVjwzE6IX7uVqGSlaSLwHTkbJasLh55wAYv-eZaj2oV9AE_EiRxwoicNW2hDO7dpOc1_QVc3b-puaC-um-ahnxPC1h8wF7HFN4m8d1Qj6jkRcHQJghHCkhUmDV_2HD9Y5FB9KnyNIZREkL6DWtsAcIgUb_hlNL-H6hH8H47MD8GnIKrdsidlprTtIlm1FYojGYp9ojW3NB0tWVJCh7ArmucJr-O_oklduOex04-uQOQlMdMJ8h5xBLWX6w3Z6JvhiW2B17QdE1PTYrCq8i-ov20V7lxcNFOWn5T7Oubr5DOSHPRNHOJc6iU-HfLVU6xbRmOm9suekUIpr-2DtMiyZ4dlj100kD1IWJx4qbnyGNXrP25kuaQpXABnQ&cid=CAQSLQCNIrLMvt3QtSjydfa0Am1XU3Y6GhnfqV0SISrUEZ9E9wlM39bYayaTtssddBgB&rfl=1%2Chttps%253A%252F%252Fthreatpost.com%252F%240

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

765667af64d7879de1359c56a6863185971cf659169b0696e319c3b03ee58e1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32914
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK sv Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame DA43 0
334 B 108ms
107ms XHR
application/x-protobuf 18.118.192.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/sv?v=157383
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.118.192.126 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-118-192-126.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 04 Apr 2022 14:38:59 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
transfer-encoding: chunked
Connection: keep-alive
access-control-allow-credentials: true

GET
H3 200 css
fonts.googleapis.com/ Frame 6E0B 8 KB
892 B 33ms
15ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 13:37:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 04 Apr 2022 14:38:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 04 Apr 2022 14:38:59 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 6E0B 2 KB
904 B 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 14:38:21 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/ Frame 6E0B 19 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/abg_lite_fy2019.js

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:35:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 197
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7871
x-xss-protection: 0
server: cafe
etag: 7397949449432438406
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 14:35:42 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 6E0B 2 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 209
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 14:35:30 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6E0B 119 KB
36 KB 18ms
17ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 14:38:59 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 6E0B 15 KB
6 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 14:38:52 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 6E0B 0
0 15ms
14ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT1xxox7-zzZNxl983Ve4_PhsQV0T3nFwHKMfMKiIld46pQE5mX7H14jJuH_ebzOnuyMary
Requested by: Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 200 dfa9fdc9b45632ba17ba59fe64d4dcb5.js Show response
www.gstatic.com/mysidia/ Frame 6E0B 29 KB
12 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/dfa9fdc9b45632ba17ba59fe64d4dcb5.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa0992b4e17a3324d53313c014452f8636a4c6b1b84d3187886c386140911535

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 11:21:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 184646
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12015
x-xss-protection: 0
last-modified: Tue, 29 Mar 2022 18:36:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 01 Jul 2022 11:21:33 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4F43
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMEf7dQG7ol9Py0mOaf-1Dg&google_cver=1&gdpr=0
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMEf7dQG7ol9Py0mOaf-1Dg&google_cver=1&gdpr=0&C=1

43 B
894 B

26ms
26ms

Image
image/gif

69.192.160.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMEf7dQG7ol9Py0mOaf-1Dg&google_cver=1&gdpr=0&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCs8_wBGOuk5bMBMAE&v=APEucNW9ZxgUq_aVQr7OVuRAJUN7n5AYX_RHwIUjRk6EtMWe2JdSKqkc_e08-M8vmNA0RTS_1y7poYCfJadGad9QQDd986MVnKHNhAP23bQBVR_t7_t0EHU
Protocol: HTTP/1.1
Server: 69.192.160.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-245.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Apr 2022 14:39:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:00 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMEf7dQG7ol9Py0mOaf-1Dg&google_cver=1&gdpr=0&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 319
Expires: Mon, 04 Apr 2022 14:39:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4F43
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D0%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=YksDBIYFreWLoXXsueWyFAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMEf7dQG7ol9Py0mOaf-1Dg&google_cver=1&gdpr=0

43 B
894 B

23ms
23ms

Image
image/gif

69.192.160.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMEf7dQG7ol9Py0mOaf-1Dg&google_cver=1&gdpr=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCs8_wBGOuk5bMBMAE&v=APEucNW9ZxgUq_aVQr7OVuRAJUN7n5AYX_RHwIUjRk6EtMWe2JdSKqkc_e08-M8vmNA0RTS_1y7poYCfJadGad9QQDd986MVnKHNhAP23bQBVR_t7_t0EHU
Protocol: HTTP/1.1
Server: 69.192.160.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-245.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Apr 2022 14:39:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMEf7dQG7ol9Py0mOaf-1Dg&google_cver=1&gdpr=0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 324
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 4F43
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0
https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEG-tVY1GQWQj16K327k_4YM&google_cver=1

43 B
1014 B

41ms
38ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEG-tVY1GQWQj16K327k_4YM&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCs8_wBGOuk5bMBMAE&v=APEucNW9ZxgUq_aVQr7OVuRAJUN7n5AYX_RHwIUjRk6EtMWe2JdSKqkc_e08-M8vmNA0RTS_1y7poYCfJadGad9QQDd986MVnKHNhAP23bQBVR_t7_t0EHU

Protocol

HTTP/1.1

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:00 GMT
X-Proxy-Origin: 217.64.151.9; 217.64.151.9; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: eb635a51-c1e2-4612-a1a6-0521c8e6cdd5
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEG-tVY1GQWQj16K327k_4YM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4F43
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzAxNzMyNDY1MDU5OTI5OTIzMg%3D%3D

170 B
188 B

29ms
27ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzAxNzMyNDY1MDU5OTI5OTIzMg%3D%3D

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:38:59 GMT
X-Proxy-Origin: 217.64.151.9; 217.64.151.9; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 8a6388d9-de66-422a-adee-2b580f74477a
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzAxNzMyNDY1MDU5OTI5OTIzMg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 176E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENhJzeyum4yeQo9-knoBd0g&google_cver=1&gdpr=0

43 B
61 B

29ms
27ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENhJzeyum4yeQo9-knoBd0g&google_cver=1&gdpr=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGMjCiqcBMAE&v=APEucNVyLcSz0LPHVqwsfq7fF58gCnA35A41ej1lM1h6hSGB-vesKZJ6_ZSSl6mywP-wdVoUq_kRi7WkkAU_dMw4I9Xm1ZAwOCRFHeuk-8NdwR_bFfqd7x4
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENhJzeyum4yeQo9-knoBd0g&google_cver=1&gdpr=0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 306
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 176E
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&gdpr=0&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDIyNjlkZTQtOWVkNi0yOWI5LWM4NmEtMmU0ODY3MmI5NWNj

170 B
188 B

30ms
27ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDIyNjlkZTQtOWVkNi0yOWI5LWM4NmEtMmU0ODY3MmI5NWNj

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGMjCiqcBMAE&v=APEucNVyLcSz0LPHVqwsfq7fF58gCnA35A41ej1lM1h6hSGB-vesKZJ6_ZSSl6mywP-wdVoUq_kRi7WkkAU_dMw4I9Xm1ZAwOCRFHeuk-8NdwR_bFfqd7x4

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 04 Apr 2022 14:38:59 GMT
content-encoding: gzip
server: OXGW/18.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDIyNjlkZTQtOWVkNi0yOWI5LWM4NmEtMmU0ODY3MmI5NWNj
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H2

200

um
sync.teads.tv/ Frame 176E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm&gdpr=0
https://sync.teads.tv/um?eid=3&uid=CAESECfqkDCig1eRflL_Uh3t1K0&google_cver=1&gdpr=0

23 B
172 B

47ms
44ms

Image
image/gif

104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESECfqkDCig1eRflL_Uh3t1K0&google_cver=1&gdpr=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGMjCiqcBMAE&v=APEucNVyLcSz0LPHVqwsfq7fF58gCnA35A41ej1lM1h6hSGB-vesKZJ6_ZSSl6mywP-wdVoUq_kRi7WkkAU_dMw4I9Xm1ZAwOCRFHeuk-8NdwR_bFfqd7x4
Protocol: H2
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
cache-control: max-age=0, no-cache, no-store
expires: Mon, 04 Apr 2022 14:39:00 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESECfqkDCig1eRflL_Uh3t1K0&google_cver=1&gdpr=0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 292
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 176E 23 B
172 B 130ms
44ms Image
image/gif 104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&gdpr=0&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGMjCiqcBMAE&v=APEucNVyLcSz0LPHVqwsfq7fF58gCnA35A41ej1lM1h6hSGB-vesKZJ6_ZSSl6mywP-wdVoUq_kRi7WkkAU_dMw4I9Xm1ZAwOCRFHeuk-8NdwR_bFfqd7x4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:59 GMT
cache-control: max-age=0, no-cache, no-store
expires: Mon, 04 Apr 2022 14:38:59 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9CD9 0
0 58ms
43ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstDdXqiZ4r8Tifhg_J5_ZrKtOofIJXIr5JPlka1OMLJhsw7qoGjkGhN_v9Bt0fcZevKarRgLNduDKA2MWXyzAW7zGIT0eTCRcIjaRxxgjhrM_ARSJYqELASCvnjwTocQ_CVxBBx7uvYhD_tHvXtimrf4eaVhR_fpALOqBkmKgpiEReMB3ifK-J_EPgZwSAbW48IIjBetMW5MiIEXlL5P2s_9Z3NzJCRUdpLJY85qWqytpjfS2FkopW45ObPETt5i9N5MGW6VCBbt1tjD1y9rg7A2WuUQteWtxi2KE4Mv3V8VqBfNI5i_Dnb3HRuhT2aPWa_P8x1P9k&sai=AMfl-YTkCeCj5wyVWimWABf9xkCaqc2lCw6leej9n-R1IMFnwIOQkncT-o6PU9XOXX5-7kkB8Bl4c5wXjXHYgpWeaqS2FzdcQOm77ODcKxG8&sig=Cg0ArKJSzMX0i1SnTlTdEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 14:38:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 04 Apr 2022 14:38:59 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 9CD9 218 B
415 B 29ms
14ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=threatpost.com&callback=_gfp_s_&client=ca-pub-7500593236707325&cookie=ID%3D155ab87f274ca756%3AT%3D1649083137%3AS%3DALNI_MYdxEOrovTRxR8cNDXAOvWW_urnLg

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

a9e95c148b83923d4e0e6669ff545b764d8538bb9afd47614317ed89101a798d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 203
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 9CD9 107 B
122 B 19ms
19ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 14:38:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 9CD9 107 B
122 B 22ms
21ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 14:38:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A138 21 KB
10 KB 446ms
445ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=2376748102&adk=2477513961&adf=776186307&pi=t.ma~as.2376748102&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649083139182&bpp=8&bdt=475&idt=1524&shv=r20220330&mjsv=m202203280101&ptt=9&saldr=aa&cookie=ID%3D155ab87f274ca756%3AT%3D1649083137%3AS%3DALNI_MYdxEOrovTRxR8cNDXAOvWW_urnLg&correlator=6197558240533&frm=23&ife=4&pv=2&ga_vid=414288784.1649083137&ga_sid=1649083141&ga_hid=1130113428&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=1551&biw=1600&bih=1200&isw=300&ish=250&ifk=1199468016&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44760475%2C44761043%2C31065971%2C21065725%2C31064019&oid=2&pvsid=3187653422567155&pem=854&tmod=1773897540&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ciw8pvy0ctg8&btvi=1&fsb=1&dtd=1585

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c0af5c7d6cc6f6093843f59f5a586e163a02964e681831a0c3177d9915d0a4c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 10404
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 14:39:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9CD9 14 KB
10 KB 22ms
22ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220330&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203280101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7500593236707325&plah=threatpost.com&bust=31065971

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

70932860c9e56c4ca18e5d29db92f65da71009e1104a37a4a343b3fa64b47757

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 14:38:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10538
x-xss-protection: 0

GET
H3 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 1AEC 106 KB
37 KB 21ms
6ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
Origin: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 14:41:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86236
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 04 Apr 2022 14:41:43 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/ Frame 1AEC 8 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/omrhp.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:36:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 168
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 14:36:11 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/ Frame 1AEC 25 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/abg_lite.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 235
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 16576748017229546422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 14:35:04 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame BF34 106 KB
37 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
Origin: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 14:41:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86237
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 04 Apr 2022 14:41:43 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/ Frame BF34 8 KB
3 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/omrhp.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:36:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 169
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 14:36:11 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/ Frame BF34 25 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/abg_lite.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 236
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 16576748017229546422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 14:35:04 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 527A 143 B
163 B 20ms
20ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 2007
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 14:05:33 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 50ms
16ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://threatpost.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Mon, 04 Apr 2022 14:38:59 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 1583
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame EA36
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthreatpost.com%2F&domain=threatpost.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=_ohSrXxyOHhxVCtPNWxaYWQrUW1HUm0xVlZjeWJwOVdtZko4YnNJWDhHQUdCalBieFpnb2sxOFZUbTJUQ1MrVzBEeXpFUElSMUdkOVBoaVB6Z29QK1VubjcyTy9wSUZTUFpsaFlza1hXTmVjK2FOc09jQjYwVkJ5Vkhxdj...

347 B
616 B

42ms
15ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=_ohSrXxyOHhxVCtPNWxaYWQrUW1HUm0xVlZjeWJwOVdtZko4YnNJWDhHQUdCalBieFpnb2sxOFZUbTJUQ1MrVzBEeXpFUElSMUdkOVBoaVB6Z29QK1VubjcyTy9wSUZTUFpsaFlza1hXTmVjK2FOc09jQjYwVkJ5VkhxdjZkTlVPaklkeUNMaG5SdWpVN2c5NmFNTUFXUUNhUVh0V2tOYklzZWNEZXJQYTY1RTFFQlc4N0svTUNNSVREYWRYb3Rmam02QTFjaHhHck8vY2Nya1BSaHJPcWJuT2VoSStzL2NrOUtvZjNwcC85ZThpTnE4PXw&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

1981e4a4a37164092a6ace169ea16b64ee73e21015cb0e23646905a7e17b61a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:38:59 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2839
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
location: https://mug.criteo.com/sid?cpp=_ohSrXxyOHhxVCtPNWxaYWQrUW1HUm0xVlZjeWJwOVdtZko4YnNJWDhHQUdCalBieFpnb2sxOFZUbTJUQ1MrVzBEeXpFUElSMUdkOVBoaVB6Z29QK1VubjcyTy9wSUZTUFpsaFlza1hXTmVjK2FOc09jQjYwVkJ5VkhxdjZkTlVPaklkeUNMaG5SdWpVN2c5NmFNTUFXUUNhUVh0V2tOYklzZWNEZXJQYTY1RTFFQlc4N0svTUNNSVREYWRYb3Rmam02QTFjaHhHck8vY2Nya1BSaHJPcWJuT2VoSStzL2NrOUtvZjNwcC85ZThpTnE4PXw&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1831
content-length: 482
expires: 0

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame EDD4 3 KB
2 KB 82ms
20ms Document
text/html 69.192.160.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-245.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1388
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 Apr 2022 14:39:00 GMT
ETag: "e20015-b6b-5d84d0db0c30a"
Last-Modified: Fri, 18 Feb 2022 16:05:37 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 0285 52 KB
17 KB 99ms
22ms Document
text/html 69.192.160.186
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.186 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-186.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Mon, 04 Apr 2022 14:39:00 GMT
ETag: "623de86a-cf34"
Expires: Tue, 05 Apr 2022 14:39:02 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame BA1A 52 KB
17 KB 124ms
25ms Document
text/html 69.192.160.186
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.186 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-186.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Mon, 04 Apr 2022 14:39:00 GMT
ETag: "623de86a-cf34"
Expires: Tue, 05 Apr 2022 14:39:02 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 3CED 668 B
729 B 32ms
25ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 47b9ac2415309fb294d7e9c67dee101e9b7300bb6e3d20be0dc70ca2b0f818fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 417
content-type: text/html
date: Mon, 04 Apr 2022 14:39:00 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/18.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 5E7E 15 KB
6 KB 90ms
20ms Document
text/html 69.192.160.199
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.199 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-199.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=35230
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 14:39:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Tue, 05 Apr 2022 00:26:10 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 4FD7 15 KB
6 KB 89ms
21ms Document
text/html 69.192.160.199
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.199 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-199.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=35230
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 14:39:00 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Tue, 05 Apr 2022 00:26:10 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame E686 668 B
717 B 30ms
27ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 47b9ac2415309fb294d7e9c67dee101e9b7300bb6e3d20be0dc70ca2b0f818fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 417
content-type: text/html
date: Mon, 04 Apr 2022 14:39:00 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/18.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 8892 3 KB
2 KB 84ms
24ms Document
text/html 69.192.160.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid6.7.0-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-245.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1388
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 Apr 2022 14:39:00 GMT
ETag: "e20015-b6b-5d84d0db0c30a"
Last-Modified: Fri, 18 Feb 2022 16:05:37 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9CD9 17 KB
6 KB 840ms
839ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 14:39:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/12982318618422280192/fil-rouge_or_internet-internet0921_728x90_dis-iab/ Frame 20E5 115 KB
22 KB 22ms
8ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12982318618422280192/fil-rouge_or_internet-internet0921_728x90_dis-iab/index.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87929a1146516d3b5c8cfa96d0a4b8cd67a36b9449d59052c6070264d7ab3ed7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 31132
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 22793
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 06:00:08 GMT
expires: Tue, 04 Apr 2023 06:00:08 GMT
last-modified: Tue, 07 Sep 2021 20:40:59 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1AEC 0
64 B 101ms
52ms Ping
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsthm6odjgWOdcctKL-tARZ_-DYEsH3fCFnP-VAtg_8nYqg68J4pa3UIHLpm8m3jYAb25A4pwGHk7cCDuyNq6G5u7SQQEL9JyPxJzrSlGX3uDWOWA501wbMI1X9i-xWmjAAvBiLZzRwYbWFST2iX6W9Q2FGMNFhPxYBmsuLcnouE-kABV7ZmDgp-OZiG875rlh8U5FBIEjTVxdOaaa8IWFIUz68Ke-z6csOPwxjwbW38_uZvTdDnlPljqUIqB_YilgWonW0R0r9Rf-Ikko8wGEaZvj6kvlHJV7TUmZstiNXRS9lFgpL3g2M8EayPImWi8nb08DjyagSuCkXAzsnqn4lWDmKaOlabu6aGzU_BDnbAbEZ9UgVgpZZpnsjo1WOstUwuA3K7iS2-D0G_MZPyTndkBnWecdhkApwpWHWDfXYgSz-JsZl4ydPCuH9Lq9ZbD5hrmXsZLTu8kCMoeiNfjtwwjI7m5hFT6Tlf3Qi1vunNQ1u7haseLKRR7gCqtqObrHjzo1A00gxZv3Z-MITZIcRXtn0LqPlBWfG661JQr6wAZtUMePYnis6BhowA4jxRRpsjSw-ForkV3x1U4bCjMtWG4vym3CaS9cQUBQVfNow2V7pYlRqtuCXt1gLnPag0Py8fxN3R0BnxIsEXRf6zzGUQ_kyRpWlinvs_Pp_IepE0SSIDdHgL7zK-QXQ9vhijlVTA4dC8kfmF7dMbhL-1t_JKeB0hV2QWG_ACGnALAWP0lAMLV8Nrob2hFsFs5Ao6oikwrZt6UErGHKJI2IXpm_mr0YFdg65_RDiL_Z9PQO1oamOfsxQ49pW0EuVRlDJFdMgcV9qyWkiFSXXXr6d7hTV4lWAuTREpj_yG6vaOYHm2sHfQ3m4Pnlg30522eo99YXmPiD36RgRp25GzTHArm0MhG2pEQcyaPbbSAoosD5PKrts03LppJEV85NpNH0BS2QaMQJwVQbDW1A0pNhEX4--Vitn8SiYniYW724T5bwjcc6dr69ruVnzOYDqwVBAHGv_uJcx84UPzA7Nd6eqI1YMCjZ1EgFUTtAIh9UumHgjbWSJ82jAc03y1SMiZI-qzjeDxEiI9a3H_QeTpr3ifDcKcyLDY8e4qg-w01cSGoFNI9XCTxmKd_IRtRtQrkTu7SA2O8FQpvYL1fF_m9vTpdXx1cCCeqCGJoquf&sai=AMfl-YRV54MLYzYzOW9X4ZJeYQ-HAmJZbICM2zRHkKaY9FzBvgIryLMnw_GMqrXFxRt6MqB2sB6FA13wwMRNiM1d6bfIe7Nr_gQuINB9MgDvG8b2sI5iYO8plJtMeJeo_8WUAw-eWrmn9N51ZnhF6HFn9ISihi1LwPQBe5COghtYd0InfJqZMHB4xUAHV-zEor2wkoVeeLfgG7mb5mx-t2k5VYE3f0yT6UJwmAhS-bOA&sig=Cg0ArKJSzLAIC3X4LtawEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=269&cbvp=1&cstd=237&cisv=r20220330.54023&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Mon, 04 Apr 2022 14:39:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/8942916408153473024/fil-rouge_or_mobile-changermobilet22021_300x250_dis-iab/ Frame A3BC 157 KB
25 KB 8ms
7ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8942916408153473024/fil-rouge_or_mobile-changermobilet22021_300x250_dis-iab/index.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bffba79cd4f0529125a5bded2bf76584d27649a277cce3e80570ca43cb364d6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 31062
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 25661
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 06:01:18 GMT
expires: Tue, 04 Apr 2023 06:01:18 GMT
last-modified: Thu, 06 May 2021 05:20:09 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame BF34 0
622 B 48ms
48ms Ping
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvvwA3CfUROg6p66mtmk6MkT2JImadkuKSj1FY-Yp4rNM3BqJumHx-0DAG4OKMpjm8t-2W1fBveggQEkMf4n6cgY2J81T6_Kq0D17mhAm9CdaGUsDK9hTbJlCro1Oke-vmb_y5qa1uy5GJGJi0zKsk86K4iCveKyV_AzOiAR9XWpdN6WXivMeqNNO6-g3joq7RcK9J24JtfRMGLORM3xIhKWU5iXkDiOdUl9xULO4Ocxb8SM3wFEm9vRLjPs3ed2hPRDrGrST5LNq8qWEULTYrJyabZVVA_AUraZK6T1_IA-PJUzTH3vGhdSk2IvkMs85CwmmZmxWbsdl4skm6KZJudqj9j4c42j79ZWViKEM-oss0NAm8kYlufGNT7Xg6Kfe_pb8AzvtJUe-Ozk1sdgL9EDHy67a6sGTkW4eMFq952MjNmgowAVjnf1ECYwBY4_HXBvKcYj7bDObTkUqjxf69SJws0_FVBpciyEmDYyN6AYNT5uMJhqqpkW9os9ZilVDftZaHQqb4cDytlx_D5f-OoXHBoX3xnRDDelS14-RlLjtnt4nZHGvZ-OakJsg5pwb9HwtfAL2aPe57tgvSRGTfg3GLikoPUNP12Xty_zHSPruRylDfngezeL2KcdQ7dPn3jXjol7zM5id7-CE-J0eDFaDdpMYJLiI0YcHrvRxDP08SGS7DYHNqUtW4O5hCoycV4Fp4S2NMX3MfdlSYKWlv9LkK7OZhw0vV6gjed3ei-aKcyEGKolMXdhSjsRd5F0age-qV8g97vBSfevIQp1PWbBwPMLw_reepKZmU43S3UMCML8ef80r-AbzVqS4FqFCHauaAC8lt1orKLUw2MgIvY9zP8wQKDzzGZEUjQOvYF7KsUXsx2Z4NVFSdbIbZiqXAiqOVoGkjdFnLkuDU2BW9cMP3IP-EASYde_3e2Bc5xeuABTjFZ0xr3IdErPBz-QXuM_2LNZ2kYXIxxjVY__rGehbJSlsXMyLnK7xdyAXjzqduTPVKaeUbSmMAfRWuetpMFlrKDdrMYFxtrTwJ9oe2FEt-azOy1fffg4u2jpBXIhL--MVrc_bVpjH-3jVQ72bwC36gGs8M1W2BoH9CpOIx_xwmYxRO1RJD9LQy_MXUNxvKumvoifc4XTtVXBVRQ4ykALQrWSiYTwH91OwURtMb6s9F2a4dAcQijJl_5XoxMr9c&sai=AMfl-YR_aEByn8XxklHnZGQI06mkVBmAHUrStvPImEGpUqRsi2DwkZa_UfYDvQWJAtmn1qGY7R_eyCqUMPFbpYpYrVjuix5PyACbic2sqhRqxzOzmxvMClFGRIUwB0zBe-Gl__qtOMlWE9W2tyQM2iHLVOSonPu1sHZQpYoN-bwhGIs0OHAYGdVLrpc6yz5RsXtYKBJYJQ4V52yp1jENUr499yBnEX9v4kvNrRK6Qvt3&sig=Cg0ArKJSzOccbX3QACuvEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=196&cbvp=1&cstd=165&cisv=r20220330.54611&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Mon, 04 Apr 2022 14:39:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 55ms
14ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Mon, 04 Apr 2022 14:39:00 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 1093
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 3CED
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=620d624b-0303-4f00-a88b-a338aac875b9

43 B
106 B

32ms
25ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=620d624b-0303-4f00-a88b-a338aac875b9
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Mon, 04 Apr 2022 14:39:00 GMT
Server: MT3 4320 2f2dfe5 master zrh-pixel-x30 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=620d624b-0303-4f00-a88b-a338aac875b9
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 04 Apr 2022 14:38:59 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 3CED
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=ALSFMwa1gWEbsoMwVLWcMA-1hWQbv9dkD7HZ7rFi

43 B
61 B

22ms
22ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=ALSFMwa1gWEbsoMwVLWcMA-1hWQbv9dkD7HZ7rFi
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=ALSFMwa1gWEbsoMwVLWcMA-1hWQbv9dkD7HZ7rFi
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame 3CED
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2816406467213944867

43 B
61 B

31ms
31ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2816406467213944867
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2816406467213944867
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 3CED 70 B
264 B 100ms
30ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=6e494e2e-57a1-771d-dd8a-74f1adc95bac&gdpr=0
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 3CED 170 B
188 B 17ms
16ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDIyNjlkZTQtOWVkNi0yOWI5LWM4NmEtMmU0ODY3MmI5NWNj

Requested by

Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 3CED
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENhJzeyum4yeQo9-knoBd0g&google_cver=1

43 B
61 B

23ms
23ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENhJzeyum4yeQo9-knoBd0g&google_cver=1
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENhJzeyum4yeQo9-knoBd0g&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame E686
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=613a624b-0304-4300-ab1f-1c2ce15bc642

43 B
114 B

30ms
23ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=613a624b-0304-4300-ab1f-1c2ce15bc642
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Mon, 04 Apr 2022 14:39:00 GMT
Server: MT3 4320 2f2dfe5 master zrh-pixel-x27 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=613a624b-0304-4300-ab1f-1c2ce15bc642
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 04 Apr 2022 14:38:59 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame E686
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&&val=ALSFMwa1gWEbsoMwVLWcMA-1hWQbv9dkD7HZ7rFi

43 B
61 B

23ms
23ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=ALSFMwa1gWEbsoMwVLWcMA-1hWQbv9dkD7HZ7rFi
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&&val=ALSFMwa1gWEbsoMwVLWcMA-1hWQbv9dkD7HZ7rFi
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame E686
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5535059824318979941

43 B
61 B

23ms
23ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5535059824318979941
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5535059824318979941
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame E686 70 B
265 B 97ms
30ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=6e494e2e-57a1-771d-dd8a-74f1adc95bac&gdpr=0
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame E686 170 B
188 B 16ms
15ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDIyNjlkZTQtOWVkNi0yOWI5LWM4NmEtMmU0ODY3MmI5NWNj

Requested by

Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame E686
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENhJzeyum4yeQo9-knoBd0g&google_cver=1

43 B
61 B

25ms
25ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENhJzeyum4yeQo9-knoBd0g&google_cver=1
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENhJzeyum4yeQo9-knoBd0g&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1AEC 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 06:39:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 374386
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 31 Mar 2023 06:39:14 GMT

GET
DATA 200
OK truncated
/ Frame 1AEC 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a30f03018680346c0ead70e1055a0f0c511017488f3c900ef491481073faf29

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame BF34 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 06:39:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 374386
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 31 Mar 2023 06:39:14 GMT

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame 20E5 236 KB
63 KB 83ms
22ms Script
text/javascript 2a02:26f0:3500:11::215:14dc
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12982318618422280192/fil-rouge_or_internet-internet0921_728x90_dis-iab/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:3500:11::215:14dc Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:00 GMT
content-encoding: gzip
server: Apache
cache-control: max-age=900
vary: Accept-Encoding
content-type: text/javascript
x-n: S
accept-ranges: bytes
expires: Mon, 04 Apr 2022 14:54:00 GMT

GET
DATA 200
OK truncated
/ Frame BF34 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a6a4133176a2643a5954bc282949de2990bb0822774de8e0bd808cd25b6ad1d7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame A3BC 236 KB
63 KB 68ms
24ms Script
text/javascript 2a02:26f0:3500:11::215:14dc
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8942916408153473024/fil-rouge_or_mobile-changermobilet22021_300x250_dis-iab/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:3500:11::215:14dc Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:00 GMT
content-encoding: gzip
server: Apache
cache-control: max-age=900
vary: Accept-Encoding
content-type: text/javascript
x-n: S
accept-ranges: bytes
expires: Mon, 04 Apr 2022 14:54:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 0285 0
741 B 10ms
9ms Script
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:00 GMT
X-Proxy-Origin: 217.64.151.9; 217.64.151.9; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 2f85756d-79c6-4ecc-bb4b-b4478fa33595
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 527A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

61ms
61ms

Document
text/html

2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 14:39:00 GMT
expires: Mon, 04 Apr 2022 14:39:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 14:39:00 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame BA1A 0
741 B 66ms
66ms Script
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:00 GMT
X-Proxy-Origin: 217.64.151.9; 217.64.151.9; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 6a0949e5-176c-4006-9f87-b94b5f72d873
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 50EF 586 B
315 B 18ms
17ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChDJgxMYiNLdxgEwAQ&v=APEucNU8w1EmqWOIta1blw9E78DyPVaBSUnlmkmY3upywoWbVgybjkOF24e5a4_IMtCGRJKGqllQTzhvIbbkF6De2wFKlq_q3UW-h6mQJQGgJEgv4Kjx8BcXL46tUZJa81rWnk2VnHN8bQA-qCpFg6KVDpz00Jz8karMwpRc5ziaVDa5PDA0oPY

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=2376748102&adk=2477513961&adf=776186307&pi=t.ma~as.2376748102&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649083139182&bpp=8&bdt=475&idt=1524&shv=r20220330&mjsv=m202203280101&ptt=9&saldr=aa&cookie=ID%3D155ab87f274ca756%3AT%3D1649083137%3AS%3DALNI_MYdxEOrovTRxR8cNDXAOvWW_urnLg&correlator=6197558240533&frm=23&ife=4&pv=2&ga_vid=414288784.1649083137&ga_sid=1649083141&ga_hid=1130113428&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=1551&biw=1600&bih=1200&isw=300&ish=250&ifk=1199468016&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44760475%2C44761043%2C31065971%2C21065725%2C31064019&oid=2&pvsid=3187653422567155&pem=854&tmod=1773897540&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ciw8pvy0ctg8&btvi=1&fsb=1&dtd=1585

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f12c6133a12eead81c368fe146cb489bdb7331b5e3b5ceb9ea52eac1e3feb815

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=2376748102&adk=2477513961&adf=776186307&pi=t.ma~as.2376748102&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649083139182&bpp=8&bdt=475&idt=1524&shv=r20220330&mjsv=m202203280101&ptt=9&saldr=aa&cookie=ID%3D155ab87f274ca756%3AT%3D1649083137%3AS%3DALNI_MYdxEOrovTRxR8cNDXAOvWW_urnLg&correlator=6197558240533&frm=23&ife=4&pv=2&ga_vid=414288784.1649083137&ga_sid=1649083141&ga_hid=1130113428&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=1551&biw=1600&bih=1200&isw=300&ish=250&ifk=1199468016&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44760475%2C44761043%2C31065971%2C21065725%2C31064019&oid=2&pvsid=3187653422567155&pem=854&tmod=1773897540&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ciw8pvy0ctg8&btvi=1&fsb=1&dtd=1585
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 294
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 14:39:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F069 76 KB
32 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BzaTvEw9QYWFTwmiqR0AvhmWWHUTTruladPLXx1CpFJeLbmv_i6755Tu2lJEGTVLqevA8iY45rshp2XX2kVgCFEYXdDzWc21wip4YPXrd1glN5n0vSgwxj1DX9C5wOD4eQMhzLHrtwyLXNRqfJ31hbEEvAjA&dbm_d=AKAmf-B5Uwmr-fJ8_DZY5rBWFT2F8CN-Qwoy8ffvEqqFAHCF8noK_mSuP8MnCqt2Cw6XhRn5t11JN8h3urj68pKcjzJSZPZTWe0b21kZ6WNadMNgnlRx_w7PXtLRgU947fUqB-wMdZz3OIV9-WVd5Q0ZfwybDcQ0ojDQPxXD45OWEGTxJ4TJ6VNxh3fzQBv70s6T0-1RIWsR4zM7RhwnGcyqi0JamGsrfdpDqrzQdEOfBqKH_n2Mbuu0_QNxVSyKPaWycj31XZdaxn43Z-zqMZlIFgYMgngGYLYb-dypnX9qsk4aVdGPb_ljYep3pyCQ-PoHmxoRD2ztZEeUWGbHb_E6j_-M9TDK97JolBDetg_dMmUqCXlbkup8BNBBioolT9u9T5H8Z1MgAI7jzf9CYosNE7NhPM1xupUtZk1-t7eAQ-qCxSNt4Jy9XmvgSibaUvl1ykOcG30Ju90XkhBVWzE7atCHtEM-nCCw7rjDQdJsI7ArCSm5GPVgjyVsMRId23oHnhwNoP05da6qcjR0TbQCnh-w6R3kvcs9h0goHI0RdaxeFViMwWx5_Bjil1lKhe_7u8dK_dp1UaLdNuDQSWJUYdEgIAeZv7mgLvNaVcsuPL7TumM-_0WaYyccdVIB5J6X7BJvDs-Sc6k6Rzje8zEbM74VtNVGzlZEYv7HvqiIAhk8AgcuujnEMK7oe_H-zmkiHxrAH8SnNoSlXIq864A9jhB01OqjtTWhMwPTXBFHDe6Ca7UA0wdY0xNY-dpLL7F5O5qWdI8YHizYlDVpsvK3j1p46aVMqUBGs36li7rdAq8mTeRx3xF1F4UTZLlE167VWBOinNvXBVR85kyVYk2IZedhsbS6FVRrch76-wYSBNi1Uni3hFG78K5bwOF5SsbhPiWeIc-PkKkOIbGDdXV_2M1lBv7X5ts1ROqUuO8jQmNlgOygZi-NaFlhcQumGOhsgSRe0TrG6LeI2ZTCj_qNWGyEJDj4gKhCXIar9BvK9JtsWAESoaLtD1EU-poCUPy_J6oo2eJilaoROD_rDeURyiDCY8ewvZ7D5Mlq9N_-FnUL8xf32KedK9HDgzlKjLzENWyL480xDoKzEI7E5HzhjWb4T3wImHAcwLU4y9T0bd8RviR_efyQo-lIFoQ3ScAz45oftVOC4RyOA-Wh9Jpcjz6kTgtbp34zbdlgSkMYzLf8opNmJJ0YkIjjH1BvcAqEQlPYVfD-lnGZlGEyeUXBK7-eUXnZC5gAnsIygQfA8vSG90wT34gROViRAwbQ-c-A6V_K8BjLtXYakqI3G8RpVEJrFbIMZ2ONJ4yD1zgNIB9AZFwCRVrU6ggiBbEg2UlSO8ZZdSiw-CA7bAIkV6XsPBvttT6kQbqUdyl4PJSIeGnIWBDm2pA4_07EtyuZo8UkGZJNhiU0eipPI9JCQo1fv3af-RW_dB_QNI5kbRnpCQhvdAQ323RojEkx2PnwVy4sxSr5gieKyAwiF4RWkCnT04n9SNTC-VTRcOmx9GULC-XsNjqswdP0mgyZ-XVnIb489dWfrXDZ2iAW8g4KzWYHFHaHE9bxwc0G1PMd-i31LNjj0kfv2A5B40v1VqqvFRUc1ugbKv5Lszn1uCztHGSfHKxVoECjvWEDeQE5qHNe7Gh7kCBzVM_O-zO1ej6TvjT-gAjSbskfeaHsrP3vjA0-czSVfw0we30HwD1HFQ4blKV128csnzckY8974d41bzg7hbDbXrvbH2Np1fAnA0ilD-VR4v3fZNWTOzRDwzrCw1L1ReFB8zdGqoC6D3m0vnj-vc0lm5Bu3ko0pSlehSjll7f1Yzgx3Xf6mhsdyLbBg07hIdH8hMu4UX-ah5-hqKecJilpLOJ3b0zQ5TBCinpiBVS-q48nqK3KSxcbUxgx7BTj6UxbhtZ6sboEONmOFLpPpf4nF4mn7b052rWuPp0Tue0fPMfpZaFtiaXtq6ghoNThu4eotQ6vNMdZubyRpOcz__pM2JGf5bsMEj2c2ckogrxlN5QMSbPx8E83ddrblvzcqu_ZnHPcbOyOZGkti5u5_mLjm_kwbxLMGGQl923pE6S_wMtsFRLt-foifhdHCnizyAnbSqPVuKdlzxJaAkvi6Uy02Ce_fo6V673kVGq4cfsXxkpiSksMKYk5b_j5AKaMkH8L2pR9RXSjeBD5NXQI0VdJcUo6g7HBd3cDehUk9r-1hicdbSq0ipacEjStYlAjtIw_Y4eWqblcprfAZC8pBKCO6-Gjam_1oV6oGjV8HhFCWyZpljJ4PGoMCSkvT1JNkM7MGl-zFdCqn7Ac0fZeR03F2C_GWAVnavQrjH9Os4CWu_BXUYXS34-afR-RkJbjL7CGCIjIJqL31zaP48I1Ac7zfjR7vkzI8eJZ8AozQStFuVdZRrsS0E3ZZX6SX4VVeRCLJaPhfJB817yVcMnu7FM4EOg3iDHKGzSjdKSC9NQAq52mmdJk8IAlpfbPZsM92iyjppW6OiqHhYNricfLa9iGsH9Z54Ig9K3vXOrz-AeZUA-dhRlYBuOTAS5WMDUutTMoABl94sGZnGQqiq8BIGAQBM0959SQxm8bxeE1v7Rn9zdvFTK_iwUd3Sd0cnBjkO5M12TZu4uH6oNe8te_HcC1OT-OEHJ_iGlcXX64cKoi5U_fDvh5UL-jNWx2Uxp2Pg8no6EgINQcsW6vw8vlTfcg04zny_906UQhWi84ET-erY4Saquf2ryB8_1B6WEkunTaYDqjvi3hhbhbWT3MYgS4rBPWZgIU9ondNIncOGRTQheGZBELsHM6B3Vsf9oz9TIkNA8_3g-szmJNEs_zf30o_Pzxsf5ohBbuK4rJrg1P4mTif390oYKznE4FacUmIXJQhGjofeWQrdTaNKhx2NsNj3XyCDMBNkKcCFFR2dfTtCmpzA8i9MX83Do_zsAh9BpMFMlKuRsCfn6ACpeW8vJeo3w75xm2Shb6be6a249T7zG6DAOqFCZn-e0Ysfvw8TNy2hj-jq1r05YSzHuWoPJJnfiOsTwTFQWJp7DAygoTt63A89ikmNuFB5Fi8QR4ooB9k7z6_jRQxldbniPsr86B2J-Z7EAx2cuh3I4R2Hmq_kXt3hcF1EAqQlOhXVfHYv6GUbsNcipgKRx84B3QKSEi8Vs5FIqpkPKvaKGr8H8DdDWxPAkM6p7rHtDsy0uSC2AmNcmGjFa-JbFEb1E9ztdFwEQ9VxOEuW2tQr7UrBtlgirW1yg8KLahj-0io9gtCv8jqvkc6iXvMAdeQBX2aWQdOTyiPbIetlx-EAYScLwmMJzK6Q&cid=CAASJORowqIQ8bKMvSm5EG6fF_vTN2RxbNtrJwJMUx1QnYJ2YH9Cjg&rfl=3%2Chttps%253A%252F%252Fthreatpost.com%242%2Chttps%253A%252F%252Fthreatpost.com%252F%240

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

337ee726cff06c3298952e9e614ac81cadd6c5542680480fde8085a3cfb3d635

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=2376748102&adk=2477513961&adf=776186307&pi=t.ma~as.2376748102&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649083139182&bpp=8&bdt=475&idt=1524&shv=r20220330&mjsv=m202203280101&ptt=9&saldr=aa&cookie=ID%3D155ab87f274ca756%3AT%3D1649083137%3AS%3DALNI_MYdxEOrovTRxR8cNDXAOvWW_urnLg&correlator=6197558240533&frm=23&ife=4&pv=2&ga_vid=414288784.1649083137&ga_sid=1649083141&ga_hid=1130113428&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=1551&biw=1600&bih=1200&isw=300&ish=250&ifk=1199468016&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44760475%2C44761043%2C31065971%2C21065725%2C31064019&oid=2&pvsid=3187653422567155&pem=854&tmod=1773897540&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ciw8pvy0ctg8&btvi=1&fsb=1&dtd=1585
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32922
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame F069 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:35:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 210
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 14:35:30 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F069 119 KB
36 KB 21ms
21ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 14:39:00 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame F069 15 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:38:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 14:38:52 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame F069 0
0 16ms
16ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQwim5NML5Y0AWAEaneYDL_EmebnElaIR9ey1nYgPdiAgFn12TS67xQrcn6f2-j-nM4V7pryHwlqFBIuX28n1kVQTCUpw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=2376748102&adk=2477513961&adf=776186307&pi=t.ma~as.2376748102&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649083139182&bpp=8&bdt=475&idt=1524&shv=r20220330&mjsv=m202203280101&ptt=9&saldr=aa&cookie=ID%3D155ab87f274ca756%3AT%3D1649083137%3AS%3DALNI_MYdxEOrovTRxR8cNDXAOvWW_urnLg&correlator=6197558240533&frm=23&ife=4&pv=2&ga_vid=414288784.1649083137&ga_sid=1649083141&ga_hid=1130113428&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=1551&biw=1600&bih=1200&isw=300&ish=250&ifk=1199468016&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44760475%2C44761043%2C31065971%2C21065725%2C31064019&oid=2&pvsid=3187653422567155&pem=854&tmod=1773897540&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ciw8pvy0ctg8&btvi=1&fsb=1&dtd=1585
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F069 42 B
63 B 39ms
39ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AH4SH2xUvQqSRiY8lX7M0RLaRP0j-AKQ4R9PYZBdNdqcsjz2BCePZaqAIIijq15Wyj3TYVo5wSftGeDJqnBwaIY8qJbOiNL0y_yhb5qws_0uZwNU0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E4C8 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 30272
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 06:14:28 GMT
expires: Tue, 04 Apr 2023 06:14:28 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame F357 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 30272
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 06:14:28 GMT
expires: Tue, 04 Apr 2023 06:14:28 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 50EF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEB-54P075eJAGj-S4bK8xnE&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEB-54P075eJAGj-S4bK8xnE&google_cver=1&__user_check__=1&sync_id=f7900ea9-b424-11ec-be73-1d37f49c0306

43 B
548 B

21ms
21ms

Image
image/gif

185.94.180.125
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEB-54P075eJAGj-S4bK8xnE&google_cver=1&__user_check__=1&sync_id=f7900ea9-b424-11ec-be73-1d37f49c0306
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChDJgxMYiNLdxgEwAQ&v=APEucNU8w1EmqWOIta1blw9E78DyPVaBSUnlmkmY3upywoWbVgybjkOF24e5a4_IMtCGRJKGqllQTzhvIbbkF6De2wFKlq_q3UW-h6mQJQGgJEgv4Kjx8BcXL46tUZJa81rWnk2VnHN8bQA-qCpFg6KVDpz00Jz8karMwpRc5ziaVDa5PDA0oPY
Protocol: HTTP/1.1
Server: 185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:39:00 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 16
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Mon, 04 Apr 2022 14:39:00 GMT
Server: nginx
Location: /partner?adv_id=7025&uid=CAESEB-54P075eJAGj-S4bK8xnE&google_cver=1&__user_check__=1&sync_id=f7900ea9-b424-11ec-be73-1d37f49c0306
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 14
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 50EF
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Zjc5MDFjNTMtYjQyNC0xMWVjLWFkM2EtMTQ2MDRkZjAwMzA2

170 B
188 B

20ms
19ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Zjc5MDFjNTMtYjQyNC0xMWVjLWFkM2EtMTQ2MDRkZjAwMzA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIvVChDJgxMYiNLdxgEwAQ&v=APEucNU8w1EmqWOIta1blw9E78DyPVaBSUnlmkmY3upywoWbVgybjkOF24e5a4_IMtCGRJKGqllQTzhvIbbkF6De2wFKlq_q3UW-h6mQJQGgJEgv4Kjx8BcXL46tUZJa81rWnk2VnHN8bQA-qCpFg6KVDpz00Jz8karMwpRc5ziaVDa5PDA0oPY

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 04 Apr 2022 14:39:00 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=Zjc5MDFjNTMtYjQyNC0xMWVjLWFkM2EtMTQ2MDRkZjAwMzA2
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 66
Connection: keep-alive
Content-Length: 0

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55946/ Frame 50EF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_dbm&_origin=1
https://pixel.advertising.com/ups/55946/sync?uid=CAESEMQqrsYJJELTFV-TyPfEsPQ&_origin=1&google_cver=1
https://pixel.advertising.com/ups/55946/sync?uid=CAESEMQqrsYJJELTFV-TyPfEsPQ&_origin=1&google_cver=1&verify=true
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEMQqrsYJJELTFV-TyPfEsPQ&_origin=1&google_cver=1&apid=UPf78d2eef-b424-11ec-a461-02c4a1bc5354
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEMQqrsYJJELTFV-TyPfEsPQ&_origin=1&google_cver=1&apid=UPf78d2eef-b424-11ec-a461-02c4a1bc5354&verify=true

0
18 B

12ms
11ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEMQqrsYJJELTFV-TyPfEsPQ&_origin=1&google_cver=1&apid=UPf78d2eef-b424-11ec-a461-02c4a1bc5354&verify=true

Requested by

Protocol

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:00 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESEMQqrsYJJELTFV-TyPfEsPQ&_origin=1&google_cver=1&apid=UPf78d2eef-b424-11ec-a461-02c4a1bc5354&verify=true
date: Mon, 04 Apr 2022 14:39:00 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 50EF
Redirect Chain

https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true
https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UPf78d2eef-b424-11ec-a461-02c4a1bc5354
https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UPf78d2eef-b424-11ec-a461-02c4a1bc5354&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVBmNzhkMmVlZi1iNDI0LTExZWMtYTQ2MS0wMmM0YTFiYzUzNTQ%3D

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVBmNzhkMmVlZi1iNDI0LTExZWMtYTQ2MS0wMmM0YTFiYzUzNTQ%3D

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVBmNzhkMmVlZi1iNDI0LTExZWMtYTQ2MS0wMmM0YTFiYzUzNTQ%3D
date: Mon, 04 Apr 2022 14:39:00 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame F069 106 KB
37 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 14:41:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86237
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 04 Apr 2022 14:41:43 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/ Frame F069 8 KB
3 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BzaTvEw9QYWFTwmiqR0AvhmWWHUTTruladPLXx1CpFJeLbmv_i6755Tu2lJEGTVLqevA8iY45rshp2XX2kVgCFEYXdDzWc21wip4YPXrd1glN5n0vSgwxj1DX9C5wOD4eQMhzLHrtwyLXNRqfJ31hbEEvAjA&dbm_d=AKAmf-B5Uwmr-fJ8_DZY5rBWFT2F8CN-Qwoy8ffvEqqFAHCF8noK_mSuP8MnCqt2Cw6XhRn5t11JN8h3urj68pKcjzJSZPZTWe0b21kZ6WNadMNgnlRx_w7PXtLRgU947fUqB-wMdZz3OIV9-WVd5Q0ZfwybDcQ0ojDQPxXD45OWEGTxJ4TJ6VNxh3fzQBv70s6T0-1RIWsR4zM7RhwnGcyqi0JamGsrfdpDqrzQdEOfBqKH_n2Mbuu0_QNxVSyKPaWycj31XZdaxn43Z-zqMZlIFgYMgngGYLYb-dypnX9qsk4aVdGPb_ljYep3pyCQ-PoHmxoRD2ztZEeUWGbHb_E6j_-M9TDK97JolBDetg_dMmUqCXlbkup8BNBBioolT9u9T5H8Z1MgAI7jzf9CYosNE7NhPM1xupUtZk1-t7eAQ-qCxSNt4Jy9XmvgSibaUvl1ykOcG30Ju90XkhBVWzE7atCHtEM-nCCw7rjDQdJsI7ArCSm5GPVgjyVsMRId23oHnhwNoP05da6qcjR0TbQCnh-w6R3kvcs9h0goHI0RdaxeFViMwWx5_Bjil1lKhe_7u8dK_dp1UaLdNuDQSWJUYdEgIAeZv7mgLvNaVcsuPL7TumM-_0WaYyccdVIB5J6X7BJvDs-Sc6k6Rzje8zEbM74VtNVGzlZEYv7HvqiIAhk8AgcuujnEMK7oe_H-zmkiHxrAH8SnNoSlXIq864A9jhB01OqjtTWhMwPTXBFHDe6Ca7UA0wdY0xNY-dpLL7F5O5qWdI8YHizYlDVpsvK3j1p46aVMqUBGs36li7rdAq8mTeRx3xF1F4UTZLlE167VWBOinNvXBVR85kyVYk2IZedhsbS6FVRrch76-wYSBNi1Uni3hFG78K5bwOF5SsbhPiWeIc-PkKkOIbGDdXV_2M1lBv7X5ts1ROqUuO8jQmNlgOygZi-NaFlhcQumGOhsgSRe0TrG6LeI2ZTCj_qNWGyEJDj4gKhCXIar9BvK9JtsWAESoaLtD1EU-poCUPy_J6oo2eJilaoROD_rDeURyiDCY8ewvZ7D5Mlq9N_-FnUL8xf32KedK9HDgzlKjLzENWyL480xDoKzEI7E5HzhjWb4T3wImHAcwLU4y9T0bd8RviR_efyQo-lIFoQ3ScAz45oftVOC4RyOA-Wh9Jpcjz6kTgtbp34zbdlgSkMYzLf8opNmJJ0YkIjjH1BvcAqEQlPYVfD-lnGZlGEyeUXBK7-eUXnZC5gAnsIygQfA8vSG90wT34gROViRAwbQ-c-A6V_K8BjLtXYakqI3G8RpVEJrFbIMZ2ONJ4yD1zgNIB9AZFwCRVrU6ggiBbEg2UlSO8ZZdSiw-CA7bAIkV6XsPBvttT6kQbqUdyl4PJSIeGnIWBDm2pA4_07EtyuZo8UkGZJNhiU0eipPI9JCQo1fv3af-RW_dB_QNI5kbRnpCQhvdAQ323RojEkx2PnwVy4sxSr5gieKyAwiF4RWkCnT04n9SNTC-VTRcOmx9GULC-XsNjqswdP0mgyZ-XVnIb489dWfrXDZ2iAW8g4KzWYHFHaHE9bxwc0G1PMd-i31LNjj0kfv2A5B40v1VqqvFRUc1ugbKv5Lszn1uCztHGSfHKxVoECjvWEDeQE5qHNe7Gh7kCBzVM_O-zO1ej6TvjT-gAjSbskfeaHsrP3vjA0-czSVfw0we30HwD1HFQ4blKV128csnzckY8974d41bzg7hbDbXrvbH2Np1fAnA0ilD-VR4v3fZNWTOzRDwzrCw1L1ReFB8zdGqoC6D3m0vnj-vc0lm5Bu3ko0pSlehSjll7f1Yzgx3Xf6mhsdyLbBg07hIdH8hMu4UX-ah5-hqKecJilpLOJ3b0zQ5TBCinpiBVS-q48nqK3KSxcbUxgx7BTj6UxbhtZ6sboEONmOFLpPpf4nF4mn7b052rWuPp0Tue0fPMfpZaFtiaXtq6ghoNThu4eotQ6vNMdZubyRpOcz__pM2JGf5bsMEj2c2ckogrxlN5QMSbPx8E83ddrblvzcqu_ZnHPcbOyOZGkti5u5_mLjm_kwbxLMGGQl923pE6S_wMtsFRLt-foifhdHCnizyAnbSqPVuKdlzxJaAkvi6Uy02Ce_fo6V673kVGq4cfsXxkpiSksMKYk5b_j5AKaMkH8L2pR9RXSjeBD5NXQI0VdJcUo6g7HBd3cDehUk9r-1hicdbSq0ipacEjStYlAjtIw_Y4eWqblcprfAZC8pBKCO6-Gjam_1oV6oGjV8HhFCWyZpljJ4PGoMCSkvT1JNkM7MGl-zFdCqn7Ac0fZeR03F2C_GWAVnavQrjH9Os4CWu_BXUYXS34-afR-RkJbjL7CGCIjIJqL31zaP48I1Ac7zfjR7vkzI8eJZ8AozQStFuVdZRrsS0E3ZZX6SX4VVeRCLJaPhfJB817yVcMnu7FM4EOg3iDHKGzSjdKSC9NQAq52mmdJk8IAlpfbPZsM92iyjppW6OiqHhYNricfLa9iGsH9Z54Ig9K3vXOrz-AeZUA-dhRlYBuOTAS5WMDUutTMoABl94sGZnGQqiq8BIGAQBM0959SQxm8bxeE1v7Rn9zdvFTK_iwUd3Sd0cnBjkO5M12TZu4uH6oNe8te_HcC1OT-OEHJ_iGlcXX64cKoi5U_fDvh5UL-jNWx2Uxp2Pg8no6EgINQcsW6vw8vlTfcg04zny_906UQhWi84ET-erY4Saquf2ryB8_1B6WEkunTaYDqjvi3hhbhbWT3MYgS4rBPWZgIU9ondNIncOGRTQheGZBELsHM6B3Vsf9oz9TIkNA8_3g-szmJNEs_zf30o_Pzxsf5ohBbuK4rJrg1P4mTif390oYKznE4FacUmIXJQhGjofeWQrdTaNKhx2NsNj3XyCDMBNkKcCFFR2dfTtCmpzA8i9MX83Do_zsAh9BpMFMlKuRsCfn6ACpeW8vJeo3w75xm2Shb6be6a249T7zG6DAOqFCZn-e0Ysfvw8TNy2hj-jq1r05YSzHuWoPJJnfiOsTwTFQWJp7DAygoTt63A89ikmNuFB5Fi8QR4ooB9k7z6_jRQxldbniPsr86B2J-Z7EAx2cuh3I4R2Hmq_kXt3hcF1EAqQlOhXVfHYv6GUbsNcipgKRx84B3QKSEi8Vs5FIqpkPKvaKGr8H8DdDWxPAkM6p7rHtDsy0uSC2AmNcmGjFa-JbFEb1E9ztdFwEQ9VxOEuW2tQr7UrBtlgirW1yg8KLahj-0io9gtCv8jqvkc6iXvMAdeQBX2aWQdOTyiPbIetlx-EAYScLwmMJzK6Q&cid=CAASJORowqIQ8bKMvSm5EG6fF_vTN2RxbNtrJwJMUx1QnYJ2YH9Cjg&rfl=3%2Chttps%253A%252F%252Fthreatpost.com%242%2Chttps%253A%252F%252Fthreatpost.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:36:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 169
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 14:36:11 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/ Frame F069 25 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 236
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 16576748017229546422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 14:35:04 GMT

GET
H3 200 _300x33511.png
s0.2mdn.net/sadbundle/12982318618422280192/fil-rouge_or_internet-internet0921_728x90_dis-iab/images/ Frame 20E5 18 KB
18 KB 9ms
8ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12982318618422280192/fil-rouge_or_internet-internet0921_728x90_dis-iab/images/_300x33511.png?1628858458104

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20705cd7eabc01af8518d61a3c1e878d5c49d89465892c1d2909615a6be13d95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12982318618422280192/fil-rouge_or_internet-internet0921_728x90_dis-iab/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 06:06:17 GMT
x-content-type-options: nosniff
age: 30763
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18458
x-xss-protection: 0
last-modified: Tue, 07 Sep 2021 20:40:59 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 06:06:17 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1AEC 0
26 B 58ms
43ms Ping
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsthm6odjgWOdcctKL-tARZ_-DYEsH3fCFnP-VAtg_8nYqg68J4pa3UIHLpm8m3jYAb25A4pwGHk7cCDuyNq6G5u7SQQEL9JyPxJzrSlGX3uDWOWA501wbMI1X9i-xWmjAAvBiLZzRwYbWFST2iX6W9Q2FGMNFhPxYBmsuLcnouE-kABV7ZmDgp-OZiG875rlh8U5FBIEjTVxdOaaa8IWFIUz68Ke-z6csOPwxjwbW38_uZvTdDnlPljqUIqB_YilgWonW0R0r9Rf-Ikko8wGEaZvj6kvlHJV7TUmZstiNXRS9lFgpL3g2M8EayPImWi8nb08DjyagSuCkXAzsnqn4lWDmKaOlabu6aGzU_BDnbAbEZ9UgVgpZZpnsjo1WOstUwuA3K7iS2-D0G_MZPyTndkBnWecdhkApwpWHWDfXYgSz-JsZl4ydPCuH9Lq9ZbD5hrmXsZLTu8kCMoeiNfjtwwjI7m5hFT6Tlf3Qi1vunNQ1u7haseLKRR7gCqtqObrHjzo1A00gxZv3Z-MITZIcRXtn0LqPlBWfG661JQr6wAZtUMePYnis6BhowA4jxRRpsjSw-ForkV3x1U4bCjMtWG4vym3CaS9cQUBQVfNow2V7pYlRqtuCXt1gLnPag0Py8fxN3R0BnxIsEXRf6zzGUQ_kyRpWlinvs_Pp_IepE0SSIDdHgL7zK-QXQ9vhijlVTA4dC8kfmF7dMbhL-1t_JKeB0hV2QWG_ACGnALAWP0lAMLV8Nrob2hFsFs5Ao6oikwrZt6UErGHKJI2IXpm_mr0YFdg65_RDiL_Z9PQO1oamOfsxQ49pW0EuVRlDJFdMgcV9qyWkiFSXXXr6d7hTV4lWAuTREpj_yG6vaOYHm2sHfQ3m4Pnlg30522eo99YXmPiD36RgRp25GzTHArm0MhG2pEQcyaPbbSAoosD5PKrts03LppJEV85NpNH0BS2QaMQJwVQbDW1A0pNhEX4--Vitn8SiYniYW724T5bwjcc6dr69ruVnzOYDqwVBAHGv_uJcx84UPzA7Nd6eqI1YMCjZ1EgFUTtAIh9UumHgjbWSJ82jAc03y1SMiZI-qzjeDxEiI9a3H_QeTpr3ifDcKcyLDY8e4qg-w01cSGoFNI9XCTxmKd_IRtRtQrkTu7SA2O8FQpvYL1fF_m9vTpdXx1cCCeqCGJoquf&sai=AMfl-YRV54MLYzYzOW9X4ZJeYQ-HAmJZbICM2zRHkKaY9FzBvgIryLMnw_GMqrXFxRt6MqB2sB6FA13wwMRNiM1d6bfIe7Nr_gQuINB9MgDvG8b2sI5iYO8plJtMeJeo_8WUAw-eWrmn9N51ZnhF6HFn9ISihi1LwPQBe5COghtYd0InfJqZMHB4xUAHV-zEor2wkoVeeLfgG7mb5mx-t2k5VYE3f0yT6UJwmAhS-bOA&sig=Cg0ArKJSzLAIC3X4LtawEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=644&vt=11&dtpt=375&dett=3&cstd=237&cisv=r20220330.54023&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 14:39:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 _300x335.jpg
s0.2mdn.net/sadbundle/8942916408153473024/fil-rouge_or_mobile-changermobilet22021_300x250_dis-iab/images/ Frame A3BC 8 KB
8 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8942916408153473024/fil-rouge_or_mobile-changermobilet22021_300x250_dis-iab/images/_300x335.jpg?1618417916156

Requested by

Host: 1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
URL: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa1194ff341222c7133515d0e57fb1290f686080fb44f38bf9cc788fa4b262bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8942916408153473024/fil-rouge_or_mobile-changermobilet22021_300x250_dis-iab/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 06:01:18 GMT
x-content-type-options: nosniff
age: 31062
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8607
x-xss-protection: 0
last-modified: Thu, 06 May 2021 05:20:09 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 06:01:18 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame BF34 0
26 B 49ms
43ms Ping
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvvwA3CfUROg6p66mtmk6MkT2JImadkuKSj1FY-Yp4rNM3BqJumHx-0DAG4OKMpjm8t-2W1fBveggQEkMf4n6cgY2J81T6_Kq0D17mhAm9CdaGUsDK9hTbJlCro1Oke-vmb_y5qa1uy5GJGJi0zKsk86K4iCveKyV_AzOiAR9XWpdN6WXivMeqNNO6-g3joq7RcK9J24JtfRMGLORM3xIhKWU5iXkDiOdUl9xULO4Ocxb8SM3wFEm9vRLjPs3ed2hPRDrGrST5LNq8qWEULTYrJyabZVVA_AUraZK6T1_IA-PJUzTH3vGhdSk2IvkMs85CwmmZmxWbsdl4skm6KZJudqj9j4c42j79ZWViKEM-oss0NAm8kYlufGNT7Xg6Kfe_pb8AzvtJUe-Ozk1sdgL9EDHy67a6sGTkW4eMFq952MjNmgowAVjnf1ECYwBY4_HXBvKcYj7bDObTkUqjxf69SJws0_FVBpciyEmDYyN6AYNT5uMJhqqpkW9os9ZilVDftZaHQqb4cDytlx_D5f-OoXHBoX3xnRDDelS14-RlLjtnt4nZHGvZ-OakJsg5pwb9HwtfAL2aPe57tgvSRGTfg3GLikoPUNP12Xty_zHSPruRylDfngezeL2KcdQ7dPn3jXjol7zM5id7-CE-J0eDFaDdpMYJLiI0YcHrvRxDP08SGS7DYHNqUtW4O5hCoycV4Fp4S2NMX3MfdlSYKWlv9LkK7OZhw0vV6gjed3ei-aKcyEGKolMXdhSjsRd5F0age-qV8g97vBSfevIQp1PWbBwPMLw_reepKZmU43S3UMCML8ef80r-AbzVqS4FqFCHauaAC8lt1orKLUw2MgIvY9zP8wQKDzzGZEUjQOvYF7KsUXsx2Z4NVFSdbIbZiqXAiqOVoGkjdFnLkuDU2BW9cMP3IP-EASYde_3e2Bc5xeuABTjFZ0xr3IdErPBz-QXuM_2LNZ2kYXIxxjVY__rGehbJSlsXMyLnK7xdyAXjzqduTPVKaeUbSmMAfRWuetpMFlrKDdrMYFxtrTwJ9oe2FEt-azOy1fffg4u2jpBXIhL--MVrc_bVpjH-3jVQ72bwC36gGs8M1W2BoH9CpOIx_xwmYxRO1RJD9LQy_MXUNxvKumvoifc4XTtVXBVRQ4ykALQrWSiYTwH91OwURtMb6s9F2a4dAcQijJl_5XoxMr9c&sai=AMfl-YR_aEByn8XxklHnZGQI06mkVBmAHUrStvPImEGpUqRsi2DwkZa_UfYDvQWJAtmn1qGY7R_eyCqUMPFbpYpYrVjuix5PyACbic2sqhRqxzOzmxvMClFGRIUwB0zBe-Gl__qtOMlWE9W2tyQM2iHLVOSonPu1sHZQpYoN-bwhGIs0OHAYGdVLrpc6yz5RsXtYKBJYJQ4V52yp1jENUr499yBnEX9v4kvNrRK6Qvt3&sig=Cg0ArKJSzOccbX3QACuvEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=528&vt=11&dtpt=332&dett=3&cstd=165&cisv=r20220330.54611&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 14:39:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js Show response
pagead2.googlesyndication.com/bg/ Frame E4C8 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 10:24:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15283
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13748
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 10:24:17 GMT

GET
H3 200 gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js Show response
pagead2.googlesyndication.com/bg/ Frame F357 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 10:24:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15283
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13748
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 10:24:17 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/14996117020957875645/ Frame E10C 4 KB
1 KB 8ms
8ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14996117020957875645/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc4438ca66539b20fc6649004eb8d29453f15da7ff924cc061e3bf62739eac43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 383927
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1456
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Mar 2022 04:00:13 GMT
expires: Fri, 31 Mar 2023 04:00:13 GMT
last-modified: Mon, 28 Mar 2022 14:13:36 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame F069 0
27 B 51ms
51ms Ping
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssebLO-ysis4-bya2IrLAqiprAT0idMP685HPbMmGqwTnj4p57fsuQkh5k-yZpY_VOyPD-1e-6O297FaKyCdmgKWmHbjNIXLcRg-ijwRoFwxUyXQxI-ZbHbfU5VDIqnvTTYN5wNrrR4vLRqilzNFfeQPqOsDYnLPsgUvOrGzuqfE24ojhEDqtgSJ0ISjVImKO6m0tM37VR81v41s4rULK6Y4Lu114eVT4ptx3uwnKBO_Oz7JrbcgRVpl6BSIg1ul7bF1pmEYN2Ag-b6au11DKnlTpk8wFGOH9i8GUQ99LIkN-UCnKpj8mmsp-_7BfJWytrr7yAiVLKF50DSRMeXSrazQGMs57323Dq0IspJy6dc5r-toXQKO7Tohg2gabyW3l4pKYjQFpNyr2Fhqp29ETRaI_XHl5XLWhdAx6i7R4paFkY4ehfELMW0H3nt4NUZawne4zGwfNAOTZ0BpAAyGs6tne6ZmBQMLDKTqpTV4v0YOrnATvHNIYLRVZeeUL9TSEi9P3Ljq87tTpjZrEOfJjN0ju7kXP1itEn2mjcpGvo9GV1QhonlekUZm915KEnJYaLnUGRbWstci1lIY9xVozVC0WFMtwuslugkrgmj4_P6l9D5TRxFGSqRHsBGvr42KYgyHcV5X5e5BopKB1g0aKjZ2PqmKFkO0QwjtCgrJjckF5mON8CV12Hr64SEq_dh6btMRPFangnHB_7i1dGVBoOAjC5dOvRvzSLXBQ993wBM-mG8NoLTLt8k7HqQkK54dXzzuWKJPtQ9RAY4MqXb9X5d1aFtNAxq75pVQ7SO6XkCdKmuXc3lN1OIPTv3yqNGM51Hwg1bpdUDmOKc3i_FN7JtnZLTC9a-uLaHJI9FKLUtgfiJXBOH7q52Bc-SnPpWW7wlhHlj1zdqx0TO8nzpkeo4lfc8_gZoRzqGxFJqMWpRDqz2Ik7v6g4WI290Khlx9TfPP_1TY3Nl2xjS8PaG1oLMF082InKzhyyNRxMC2gp_0sfIhA5QVK0prD9KmEzE1MFDVGXBifmi2hV8A4fGHv8c8NSA-4yhlbdgIcUOm26lTr8oRH4Xwyj5Fv-rykSdCaPCljQw8y6-RKXah6ETCrfJy7DQwjVDM7fAgBuFL8lUO9xPoMybSWbmyjQEZrSfYH9g-HBkuayeGg&sai=AMfl-YTguQwUONLhBru2ODQ7b6W8jrps5pTwmN2Mfokfpav9IIP9feGOCWPKSGtm2ei9514g3-1psqxijryVXSm_tDr1H9iMJOc48ZzMPwdWB-c9DZJm2vIu9EC3QG-U1EIoafOnQol6rUuI0Az7RHnGHvHUt6vFLfg29cXdkfYOj4Zeq5-2EAMKHlJ1MWEw_UOtMpqcRWyDLMWjAg1KlEhS_A&sig=Cg0ArKJSzHJ-E3PY1jb4EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=60&cbvp=1&cstd=58&cisv=r20220330.94034&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Mon, 04 Apr 2022 14:39:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F069 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 06:39:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 374386
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 31 Mar 2023 06:39:14 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 898F 1 KB
750 B 11ms
7ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 4368
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 13:26:12 GMT
etag: 48472445140208031
expires: Tue, 05 Apr 2022 13:26:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F069 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0fca399725097b7fcdd5557a0afba2a2cb92522e97d1c5932ccb3550c04f6220

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 _Orange5G_Pentagone.png
s0.2mdn.net/sadbundle/8942916408153473024/fil-rouge_or_mobile-changermobilet22021_300x250_dis-iab/images/ Frame A3BC 5 KB
5 KB 8ms
8ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8942916408153473024/fil-rouge_or_mobile-changermobilet22021_300x250_dis-iab/images/_Orange5G_Pentagone.png?1618417916156

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4940ff7a15d8c00de5bd62664e5924c2132da2d683275b2565eb88ced63b9442

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8942916408153473024/fil-rouge_or_mobile-changermobilet22021_300x250_dis-iab/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 06:01:18 GMT
x-content-type-options: nosniff
age: 31062
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5074
x-xss-protection: 0
last-modified: Thu, 06 May 2021 05:20:09 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 06:01:18 GMT

GET
H3 200 pictomobile.png
s0.2mdn.net/sadbundle/8942916408153473024/fil-rouge_or_mobile-changermobilet22021_300x250_dis-iab/images/ Frame A3BC 1 KB
1 KB 8ms
7ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8942916408153473024/fil-rouge_or_mobile-changermobilet22021_300x250_dis-iab/images/pictomobile.png?1618417916156

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76ea50bbd29329093f4c8660b35cde7979479f9955b83d01de4a6fcba4b29246

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8942916408153473024/fil-rouge_or_mobile-changermobilet22021_300x250_dis-iab/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 06:01:18 GMT
x-content-type-options: nosniff
age: 31062
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1114
x-xss-protection: 0
last-modified: Thu, 06 May 2021 05:20:09 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Apr 2023 06:01:18 GMT

GET
H3 200 framework.css
s0.2mdn.net/sadbundle/14996117020957875645/styles/ Frame E10C 7 KB
787 B 7ms
7ms Stylesheet
text/css 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14996117020957875645/styles/framework.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14996117020957875645/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d46128d6fba7c1ef2cf32e07d697f9e725364fde5814f51375e7b2abb30e2a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14996117020957875645/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 04:00:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 383927
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 758
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 14:13:36 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 31 Mar 2023 04:00:13 GMT

GET
H3 200 framework.js Show response
s0.2mdn.net/sadbundle/14996117020957875645/scripts/ Frame E10C 565 B
341 B 8ms
8ms Script
application/x-javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14996117020957875645/scripts/framework.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14996117020957875645/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

215f500ae1db630213530e7682c7bc7c64a72a85b8e3e51c9b56a97436d9e05e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14996117020957875645/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 04:00:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 383927
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 312
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 14:13:36 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 31 Mar 2023 04:00:13 GMT

GET
H3 200 bg.jpg
s0.2mdn.net/sadbundle/14996117020957875645/images/ Frame E10C 729 B
756 B 12ms
12ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14996117020957875645/images/bg.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14996117020957875645/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eee05fbae058cdbd8ff3932cda76cfe9096d8cb9c1e5a8fa3b581700540f854c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14996117020957875645/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 04:00:13 GMT
x-content-type-options: nosniff
age: 383927
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 729
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 14:13:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 31 Mar 2023 04:00:13 GMT

GET
H3 200 content_1.png
s0.2mdn.net/sadbundle/14996117020957875645/images/ Frame E10C 23 KB
23 KB 16ms
8ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14996117020957875645/images/content_1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14996117020957875645/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3bedf93856446850d871835522e658c72be46c0acc9cdc84b88d0ab14206d400

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14996117020957875645/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 04:00:13 GMT
x-content-type-options: nosniff
age: 383927
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23275
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 14:13:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 31 Mar 2023 04:00:13 GMT

GET
H3 200 content_2.png
s0.2mdn.net/sadbundle/14996117020957875645/images/ Frame E10C 6 KB
6 KB 15ms
8ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14996117020957875645/images/content_2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14996117020957875645/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7180adf0c569f2c819febe58fb649a174e44a190573cbd99b898855e05db3abc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14996117020957875645/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 04:00:13 GMT
x-content-type-options: nosniff
age: 383927
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6139
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 14:13:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 31 Mar 2023 04:00:13 GMT

GET
H3 200 content_3.png
s0.2mdn.net/sadbundle/14996117020957875645/images/ Frame E10C 3 KB
3 KB 16ms
10ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14996117020957875645/images/content_3.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14996117020957875645/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

decfa0ac69afecc487e38943448723e14f986e53b62c0ad370dcd643329402d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14996117020957875645/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 04:00:13 GMT
x-content-type-options: nosniff
age: 383927
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3458
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 14:13:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 31 Mar 2023 04:00:13 GMT

GET
H3 200 cta.png
s0.2mdn.net/sadbundle/14996117020957875645/images/ Frame E10C 4 KB
4 KB 16ms
9ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14996117020957875645/images/cta.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14996117020957875645/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4bd9be7e8b021afadcb6d6749c6ff09cfe2d3713d6402e421edf8ebc5991d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14996117020957875645/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 04:00:13 GMT
x-content-type-options: nosniff
age: 383927
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4127
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 14:13:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 31 Mar 2023 04:00:13 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 441F 22 KB
8 KB 9ms
9ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 30272
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 06:14:28 GMT
expires: Tue, 04 Apr 2023 06:14:28 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 898F
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECn3GRWWoGLmvTo4IG7OhTU&google_cver=1&google_push=AYg5qPKtFgc9lUR7Diz2NnDAb7jCEikF73xwppGydXCTzNhSRsliprqNBQ...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPKtFgc9lUR7Diz2NnDAb7jCEikF73xwppGydXCTzNhSRsliprqNBQB9RrnzO9UECk3cNFtt6V2Qvz8LEcM4TWQMuBsSvTg3&google_hm=TynzHA0n8IU9...

170 B
188 B

22ms
17ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPKtFgc9lUR7Diz2NnDAb7jCEikF73xwppGydXCTzNhSRsliprqNBQB9RrnzO9UECk3cNFtt6V2Qvz8LEcM4TWQMuBsSvTg3&google_hm=TynzHA0n8IU9VLa7xAATqA

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPKtFgc9lUR7Diz2NnDAb7jCEikF73xwppGydXCTzNhSRsliprqNBQB9RrnzO9UECk3cNFtt6V2Qvz8LEcM4TWQMuBsSvTg3&google_hm=TynzHA0n8IU9VLa7xAATqA
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 898F 43 B
351 B 64ms
22ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEGYtOIpAN_m6XsBq7iVgAPQ&google_cver=1&google_push=AYg5qPKsAhStjqoPQr4pVE8_3aKizWRoigd3QWSiyaXLmHHjwue-bUibBaypHSRQ2h8EgsFHJQzXqH8Fx_tZ9LAZb2c2B9kXPzu4
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=2376748102&adk=2477513961&adf=776186307&pi=t.ma~as.2376748102&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649083139182&bpp=8&bdt=475&idt=1524&shv=r20220330&mjsv=m202203280101&ptt=9&saldr=aa&cookie=ID%3D155ab87f274ca756%3AT%3D1649083137%3AS%3DALNI_MYdxEOrovTRxR8cNDXAOvWW_urnLg&correlator=6197558240533&frm=23&ife=4&pv=2&ga_vid=414288784.1649083137&ga_sid=1649083141&ga_hid=1130113428&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=1551&biw=1600&bih=1200&isw=300&ish=250&ifk=1199468016&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44760475%2C44761043%2C31065971%2C21065725%2C31064019&oid=2&pvsid=3187653422567155&pem=854&tmod=1773897540&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ciw8pvy0ctg8&btvi=1&fsb=1&dtd=1585
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: dio5l30dnv4kvr76nq165qs8c22lkhog

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 898F
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=wPNN6HwERwS4i01WDZfwIQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=wPNN6HwERwS4i01WDZfwIQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIbafK9QDlwAbwxThFkNsAYMEKTBjJQ-5uXl3v78tG9FofUO3enyor7aRVInDAMiQYnbHb1IJeC3waV0PuKqvVnuXnfvZOH

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=wPNN6HwERwS4i01WDZfwIQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIbafK9QDlwAbwxThFkNsAYMEKTBjJQ-5uXl3v78tG9FofUO3enyor7aRVInDAMiQYnbHb1IJeC3waV0PuKqvVnuXnfvZOH
date: Mon, 04 Apr 2022 14:39:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 898F
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJzY0o2MplYujvkEpMx2LTE&google_cver=1&google_push=AYg5qPLExu0OjX4MPvFFLo3afB0rkQ2UqR92sX1eKE6Ki5xCUAmZgxze9topngcisAPo4rJD6Ec...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFLVElSUVEtSC1BRkpS&google_push=AYg5qPLExu0OjX4MPvFFLo3afB0rkQ2UqR92sX1eKE6Ki5xCUAmZgxze9topngcisAPo4rJD6EcNMMGmoDxZfDfsspvyepzWvwhl

170 B
188 B

20ms
20ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFLVElSUVEtSC1BRkpS&google_push=AYg5qPLExu0OjX4MPvFFLo3afB0rkQ2UqR92sX1eKE6Ki5xCUAmZgxze9topngcisAPo4rJD6EcNMMGmoDxZfDfsspvyepzWvwhl

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFLVElSUVEtSC1BRkpS&google_push=AYg5qPLExu0OjX4MPvFFLo3afB0rkQ2UqR92sX1eKE6Ki5xCUAmZgxze9topngcisAPo4rJD6EcNMMGmoDxZfDfsspvyepzWvwhl
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 898F
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnH...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnH...

0
0

GET
H2 200 trk
ag.innovid.com/ Frame 898F 43 B
297 B 131ms
20ms Image
image/gif 2a05:d01c:1d8:8100:8701:aae2:1118:ca9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESELh8Kxi8UBym-sYF7SIDC8Q&google_cver=1&google_push=AYg5qPKgajw-jSpxZoT784BZD93dP9jxcwRm0_4YBirSiI3yXXsuenVJZ8jK0XlhtKTC6eVFnEIkPcoqUYdEfzdSuL-qqJY7uiWI
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-7500593236707325&output=html&h=250&slotname=2376748102&adk=2477513961&adf=776186307&pi=t.ma~as.2376748102&w=300&psa=0&format=300x250&url=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1649083139182&bpp=8&bdt=475&idt=1524&shv=r20220330&mjsv=m202203280101&ptt=9&saldr=aa&cookie=ID%3D155ab87f274ca756%3AT%3D1649083137%3AS%3DALNI_MYdxEOrovTRxR8cNDXAOvWW_urnLg&correlator=6197558240533&frm=23&ife=4&pv=2&ga_vid=414288784.1649083137&ga_sid=1649083141&ga_hid=1130113428&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1082&ady=1551&biw=1600&bih=1200&isw=300&ish=250&ifk=1199468016&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44760475%2C44761043%2C31065971%2C21065725%2C31064019&oid=2&pvsid=3187653422567155&pem=854&tmod=1773897540&uas=0&nvt=1&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.ciw8pvy0ctg8&btvi=1&fsb=1&dtd=1585
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8100:8701:aae2:1118:ca9 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:00 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 1
expires: -1

GET googleredir
googlecm.hit.gemius.pl/ Frame 898F 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 898F 0
12 B 32ms
28ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Iciz9a-fumIicrruf4d4w2rIU73L7kKvDPcv5hu_nZAZvXB6_ROAZAHgC9UXduepO68xFXRQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:00 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame F069 0
26 B 43ms
42ms Ping
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssebLO-ysis4-bya2IrLAqiprAT0idMP685HPbMmGqwTnj4p57fsuQkh5k-yZpY_VOyPD-1e-6O297FaKyCdmgKWmHbjNIXLcRg-ijwRoFwxUyXQxI-ZbHbfU5VDIqnvTTYN5wNrrR4vLRqilzNFfeQPqOsDYnLPsgUvOrGzuqfE24ojhEDqtgSJ0ISjVImKO6m0tM37VR81v41s4rULK6Y4Lu114eVT4ptx3uwnKBO_Oz7JrbcgRVpl6BSIg1ul7bF1pmEYN2Ag-b6au11DKnlTpk8wFGOH9i8GUQ99LIkN-UCnKpj8mmsp-_7BfJWytrr7yAiVLKF50DSRMeXSrazQGMs57323Dq0IspJy6dc5r-toXQKO7Tohg2gabyW3l4pKYjQFpNyr2Fhqp29ETRaI_XHl5XLWhdAx6i7R4paFkY4ehfELMW0H3nt4NUZawne4zGwfNAOTZ0BpAAyGs6tne6ZmBQMLDKTqpTV4v0YOrnATvHNIYLRVZeeUL9TSEi9P3Ljq87tTpjZrEOfJjN0ju7kXP1itEn2mjcpGvo9GV1QhonlekUZm915KEnJYaLnUGRbWstci1lIY9xVozVC0WFMtwuslugkrgmj4_P6l9D5TRxFGSqRHsBGvr42KYgyHcV5X5e5BopKB1g0aKjZ2PqmKFkO0QwjtCgrJjckF5mON8CV12Hr64SEq_dh6btMRPFangnHB_7i1dGVBoOAjC5dOvRvzSLXBQ993wBM-mG8NoLTLt8k7HqQkK54dXzzuWKJPtQ9RAY4MqXb9X5d1aFtNAxq75pVQ7SO6XkCdKmuXc3lN1OIPTv3yqNGM51Hwg1bpdUDmOKc3i_FN7JtnZLTC9a-uLaHJI9FKLUtgfiJXBOH7q52Bc-SnPpWW7wlhHlj1zdqx0TO8nzpkeo4lfc8_gZoRzqGxFJqMWpRDqz2Ik7v6g4WI290Khlx9TfPP_1TY3Nl2xjS8PaG1oLMF082InKzhyyNRxMC2gp_0sfIhA5QVK0prD9KmEzE1MFDVGXBifmi2hV8A4fGHv8c8NSA-4yhlbdgIcUOm26lTr8oRH4Xwyj5Fv-rykSdCaPCljQw8y6-RKXah6ETCrfJy7DQwjVDM7fAgBuFL8lUO9xPoMybSWbmyjQEZrSfYH9g-HBkuayeGg&sai=AMfl-YTguQwUONLhBru2ODQ7b6W8jrps5pTwmN2Mfokfpav9IIP9feGOCWPKSGtm2ei9514g3-1psqxijryVXSm_tDr1H9iMJOc48ZzMPwdWB-c9DZJm2vIu9EC3QG-U1EIoafOnQol6rUuI0Az7RHnGHvHUt6vFLfg29cXdkfYOj4Zeq5-2EAMKHlJ1MWEw_UOtMpqcRWyDLMWjAg1KlEhS_A&sig=Cg0ArKJSzHJ-E3PY1jb4EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=366&vt=11&dtpt=306&dett=3&cstd=58&cisv=r20220330.94034&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 14:39:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 441F 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 10:24:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15283
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13748
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 10:24:17 GMT

POST
H/1.1 200
OK abt Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame DA43 0
315 B 109ms
108ms XHR
application/x-protobuf 18.118.192.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/abt?v=157383
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.118.192.126 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-118-192-126.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 04 Apr 2022 14:39:00 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 24BE 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 2520
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 13:57:01 GMT
expires: Tue, 04 Apr 2023 13:57:01 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4539 783 B
536 B 17ms
17ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/b-7b120a5-9b871d4e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

2828f2192998668aba04c5106a913fb7aa7478e20763090983f385584a168794

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-+mr4g3IJmN0lHTgGTOYF9Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-+mr4g3IJmN0lHTgGTOYF9Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 14:39:01 GMT
expires: Mon, 04 Apr 2022 14:39:01 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E4C8 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B9hhWAgNLYsqDLN6MjuwPvc-o-AkAAAAAOAHgBAI&bg=!ISKlImbNAAZku-1yRLs7ACkAdvg8WoIq6ssTJjVks_OU1xsuOfP_3HHj-vdOE5CEugz8RIOvPsj01wIAAAE1UgAAAANoAQeZAyctZvFOG-5fbptuL2q8Y8fUJ8vM8VsXIM1hT0Cq8p79pnjXHB-b1sy3qVVeD1qPqHmdLTBjG5uw_LWhvr8CfFGABVRsIafKt8n8IIszoDIjyb8EOU0Hq84q0FxwTjiMENbOmrsA9zVeWh7eHIP-VOlspkynyEiBmPNbF3e0w1jmgAZ7o0dn-XroRPmz2Cs8zuQVwoJlLdcyfiWPJFgsI5CJpfmQyvjfhr91Hp7T-BVSbb45xaqL16phrL6-Fsklx9oCGk9YFOAdoy1ZClQ335B9kRmld96XBEF085TDtkddNeb4-n0t4abgWYXz2UpQFz_yFPO5tmueq7xNXyzyacf4tc4GSxT-uJCROJ6sQBMwBf3H-P08KohPTvrf96VVv0IS6LZGY0sA14KI3-8o0e5gCL3XmnZrZYBU_h_2VAzzFC01q5UaUEBADSM7z2KeTHo8SElwm0mdxkTJvyV11wQl-NJXIT_8bjKMCAasbwFvLM88KRVHnkh6E9slaFFvRosgILxl_zRZS7Yl8rKeFAwZBH-d4wdapqK7gxY4FMgKeo2epxU_hLjmt37rEzeOU9YKFa2ye_CBzFrVjcElNiLtOOUReacpg41LCJ_p2OHYkYWuRHE6KGAuIdtpQ8Vm3bk2jnWW5PwEPbs0bYQLoiKt5R9T2CSH9oXArGzzb20ITnJ55v0ZHAIW_ErpnaFgNpnE8orMSBeuzziAFhkAXe9df6TRLCJTBsaEq4Xr7C3_HEoSHOF-llKXl5gZxN2eGyWfQH9y52cWgkAJsBvZCUQ8u91IEWdrreq4DlMJEHjCHIOJkW5c04_UMGh0UZpWseJbBOlRYB2XRuOpRzxI1ZRSc5zKEcRTl6-sRqPn18yvG6Ngjy54h5Bvxifq3dO7qBoFtMYn2_6cxUmIe6EBGQJ51dxBLUvFC5lRSxJATLMTXFDutCox4a_w44l-nnnMBciKUgew-uZpKQs9RLwnZi3ntNrfJZWiPXVyVhSrxnlcEYFsZfqv-XIOQwSg0Dy1MYC26hVcK3LLcqOamWmf5eG6poMlThybTfx5AToQZ-yRkZcMhCjSu5w

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F357 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BaQi2AwNLYuKsDciQjuwPs-C8sAgAAAAAOAHgBAI&bg=!5-Sl5KDNAAZku-1yRLs7ACkAdvg8WmioYfumOz6VXSEt9RcJe08-wR7UvRXPfBZr3-toIQHP_rudagIAAAE_UgAAAAJoAQeZAyRFl58UqE4LdFJ_IEZyiDQA5YqPgCtyvxWOc9i3ToGkH4LOXFJdrvbxVw2bULejv9AplgL8ghEejjOY77M6klB9Oq4RLcITxbXRy9HFdyo11X4KWpLRx1UqxcnnDv-EBSEzFgCKIZZCENYN8NJB3EyS36grclQX7YQEIlX_Vf2PtZ1xSKM2Y56aw_c63odyD9qA5N2pO-KnwBuihSh8heyT7DkBHM1RBTd8Lt2USeNMJx2j-ZQfniSlCpK0a56jIcSuaLu5xvoOkidd3BTMElctN1PbwRDIrZQgosb6yEGoNLW8IYlPv2cndpXDvQVTVvNzEjUrYeHUAUyufl3U7tsoSyG--XbnroStsQAAg5KmRutC0JX3E9Z2WbDVEXc2u6JyU8-ghneenAr5rfVmGy0p9oAFKN4RsdZvnGmncnAlt_9lIA2WCvd2GEPXgnxTCa_8fusGDS10l_L30TT6F0D1atM0mvEMbETziPpgzvvs6wGrpOyxYP2kmwLoyBIlJewWML8TPRr-_nXV9ZmELz-2BYuyze9Yd2K3HGzMTMNMpSV9NfDUIfWHVJk2k7gFxalbt3MU7r1-bY_wKNQkpMIEG0QWFrs7ZKbMcsOlCfA1ofDbiD2DqjsSOTu5xa74-wiNpoGViT-B6HH4n7v2Iw8xq4cLdDp7CoHnuv0qHqXXh1Q2977Kp2x1Qq8d0m2hwxVtao6JvPJx17wRHn1eJ6TB7_Z-eClke9YLmUMfx1SzC9B1rJ3AVgdQ5-cgsfbkN1jN0qajFq4PnPOZ-Ec4uW6lJTluvKjOdpDgWpPHCjeasK80DoYf2WRjS3pTkU4wdNokC2eA1l1MDziIpGGmnoG1-tz8onF7OMhcbgApR5ZMCCMA0srgOe1e7Jc1WatWEguD7tcG5Cr1KhzzUUhv0Ldd-m6dCNK0EsSbDITXc8S05WCldpt4WSHRg_VqxnVNDN1KZi054D8tBRpzTJZBAwpN9DUtqoH0QO_5HshUlO8EeXi_W7Uv2JH8Kf297p5cMHFoH3G8ySObEbcN5Mta2iil2Y55jLpjPgCvXOfNxfF8j4qGd1w

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4539 0
0 55ms
54ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220330&jk=3187653422567155&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 200 gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 24BE 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gjBotrajnK0yz4ntvsDRFlMTAuB3twHveDeuldaHPWQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 10:24:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15284
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13748
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 10:24:17 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 441F 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Brc5PBANLYsW1GMiQjuwPs-C8sAgAAAAAOAHgBAI&bg=!b2ylbCjNAAZku-1yRLs7ACkAdvg8WuzLumRoIpnxvZ51K8LBpSorUMfZwdb2BIQsQQDo0CnVlJEUQwIAAAEXUgAAAAJoAQcKACsqJF4IKbDYWIU8cYPYSJaJ57tbHVBrrH6ppiUBDvGxhubUh9HWWsbB4pfOmQNADOmoQxpFlRIZgYTiFZOC3yTsi-PRTT_Ud5hKkPtlKYPWMLSmnHerc7xMx8W14_hV2r8t6rP0CWGwT4FA8dDfcXMa3E7I7bNz23SfG1ItWYBnNmixa5h-mpI2QTyO3UyyFjEnCj0x0Mrp6aB3BUGSca2PrzgtzjIN2K7oL7DGq4fbkm6lpMcZ4zbxalbu5xOe543os77SltWD_ouy8P498sqM_LL5A_lMTzz8PCtYvz0oeGpEBshOb4UmCYbBJOLBEodu6X9by74U0T05-Fj5OFa4a0NXWh6Yg_hPAAwFTMJhuM2yhvmtjoeerx-gjRX6tEZ4LxZ-cw6fnyhsZHvmiyM8dMmTsvpTQZ2-UpxJHKfDK79kutcTBBK4DOZ4yNDrr3r1REYK9S3GVRXd1YqG35vf2D5KI-80BcFHfpmKIy2PDNDHamRXvjI3OXgVy-q49_-SS6k3upr1EHJQnpnuQALXudrV3IF778FqutJKS6NNEoSwtcjVmHKkpqm3x3e9tvXq_ocjCgaxYM0mHo7FnaNny5ULm3jCydhdaHKAcWWmNKyD6OhGyhF9Kns0qPyXckjkxNxieWAb6O2O4Aiy-TY105NoVJv-0vOTlrY8omCyrtAFTIOjFW9ipViwXroaeiIrGYmK_qupoMK54W2_mWSzjeW8XLaAUXCQ2JETJzX3AP0WPeJDFH18FQcg6ba1fz50N2kfQW93alXNpSP4OPSdXp4A8vaSlFAwdWI-PG3fP5F2903mSjLGawkSjAHQaULDHwTZdgqdJFyOgUrdBeOAe63u4XI4iezptMWLLTm7NVP2a0dJBNkkACgoYEYUbyG85iYBq6sgUfFG_JmXVygrT5fxCpKxXgGFIPuOzrd3x5nOcl8b5vYd71rLL1jgY_fNsEorqSl3pGPup6o_cWB895d5dJZhb6GLX_6k_G5ANxafOT28rEDEGLOXbfkmVjgHZrPPdh_eSF8SmKv_Sc8_iOKPgQoZO-t7sid2O4fajJBohqnA4LMeAOVHcOLa-_7buhfJLBGOmoIjsOuVXCKvJQljZCv7rJnKccUlopqfnLEh9U6i3NWykXNKPYHS7b_785fXnEOHK7WLJPzHCg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 24BE 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?UreqYA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1AEC 42 B
64 B 43ms
43ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv8d_XqkWMlfbxyIHvKhlGe9IWwyCxodPfz5rVnTdcGknzpiXxHtiUMqByLP6PwJcGIrXSRCXULk--oGu6_QUctoR-HVw-lCO9c3-imhFcBCUE1Ds0&sai=AMfl-YRwDoUFy6enLGLyK4_wSxBmiv98MTGU8eXUSzjcFWyXjudSJ5MlaPx_YUWudeltgcF4GEGlcQPcf4hF4uBVi5rSVsk_mlD5zFoEvwct&sig=Cg0ArKJSzBJOBzXUL_OXEAE&cid=CAQSLQCNIrLMvt3QtSjydfa0Am1XU3Y6GhnfqV0SISrUEZ9E9wlM39bYayaTtssddBgB&id=lidar2&mcvt=1000&p=8,436,98,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220330&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=4166723991&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649083138673&rpt=2630&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BF34 42 B
64 B 44ms
44ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssZU_WDAcuN08qCcSCsBvr-2fWVkk1AFKmeZuXovUSJWP97n23OgnrFKFx6wCmpCwlEn2PDWh3khUir8OtPM0fAwod75ntrxALn2ZSwNvl6lqzex5c&sai=AMfl-YS_QIl3ds5ju7v_THdesZL3DamoneqJ8HpmmfJgewTB_rCEJyRC2UM1BLYw0y1CAewZrmmCqkjOWSlJLAyfsv58DYHJSKp2ZYmGi7b3&sig=Cg0ArKJSzJgmFNih1O77EAE&cid=CAQSLQCNIrLMvt3QtSjydfa0Am1XU3Y6GhnfqV0SISrUEZ9E9wlM39bYayaTtssddBgB&id=lidar2&mcvt=1002&p=256,1082,506,1382&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20220330&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1414505084&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649083138704&rpt=2647&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 0285 0
741 B 108ms
108ms Script
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:01 GMT
X-Proxy-Origin: 217.64.151.9; 217.64.151.9; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 2566e930-e5c5-4c1c-8a4c-5579b0847e0f
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame BA1A 0
741 B 9ms
9ms Script
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:01 GMT
X-Proxy-Origin: 217.64.151.9; 217.64.151.9; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: ebcef28e-2588-44b9-9717-c24f63340def
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9CD9 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220330&jk=3187653422567155&bg=!goGlgcXNAAZku-1yRLs7ACkAdvg8WgpD7akZ-vIm1YQumidCEovSN4KKVd-msdnN-HWzkS_VSfwwhQIAAACCUgAAAANoAQeZAwJeii3dKVPIntO_u2nb-pZZpnNL-EaV406GaQZJya1tfXeSeOHVXvZSLivhAli-xsbuLlMBWOnc9z_gNCSueq3r4MHBU1ZWWEKEc9YK_uStE2ZeljRsx4k4nptYzVqqvEgQ6CweQrrtG-TSL8iXHqMIw6Q8mRlRMZ2QTgYbLqvQeLu7oep3_30NvGLzSbEZsoEnV7RFQwggwXD11j8Ynnw7v_BEvhGf1GcEf9gYXNPPCjz7yG1BT3anzuIAYV0QYSckJzlhqbicbuu-y6tdtCEFk_kKDkswVVWqvLoC72kQLtj8DpMl5DlZLmNHTYkCof_834G2KppqossjrLIPggjTxQXbb_FJdkMUFKmZRRdplWiJ80ghEg4pOH4jpR8HkeQQk-GCdonJvHgC-hpRm9Tnuhdm4iWDG9rFOHcYzs0p0N-3CTpfLzZSEC5pP33iokHa6AbMemLdFj3LPpEDlgij6PrJYeJDiiUDzpklj5KyESvxWGWYNlgN5SxGmI8GGFajIXOwJB0WDpd2qiCRLm6fx7cR1u99Lt6gY9yjkWalQLZGiJp9e6kkV1raQOwDpw8BLtWhUwH3CCXzeScRgXaGlP-Av4S5XBJdRoX4-8TAcrcO5fhc0-UE5POxuTR2vapjKaxxwatwGpXTmBx5m4yhSu_BgJLGRScuym50yWQHLPQzY1o1WvM9CEx9DvoYRSi6X1xJYNilE5aZ01CRiy2HGau7-9SYl_7x91BX36n6XiVdGxXt1N811CWR96XW1mbK9dryrjCukuQ2G6M1q0naCQGiKRWBQ2T1orMWvYzaLMFOep_ttF-9y4oW4rVooS384SlzIerM_RELLJm-Gul3LTok0n_7kkArPfFiEzotfWbmEqAq2rwgGWAtU92YJpp_sXCHEfyjsuZGNSuAoG-nnJZpo0J_TAIuh8GOC1ypghyu7xU_wkb2tg3emAG1k2Iltu7IRFrJuSSsnTeW94rZVPv_O7Q2D4yj58TeGhbo3Lx4L5fMsIGT9jYBE6qqZ6iWjA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sync.html Show response
public.servenobid.com/ Frame F357 8 KB
4 KB 101ms
16ms Document
text/html 2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://public.servenobid.com/sync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0849eef021b381cb3f64d424bdd29839513dbb4e964aef0420136906426a18de

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=86400
content-encoding: br
content-type: text/html
date: Mon, 04 Apr 2022 14:39:01 GMT
etag: "866b66bb3ccc5c8de41913672c69b8f7"
last-modified: Tue, 15 Mar 2022 23:39:48 GMT
server: AmazonS3
x-amz-id-2: Whw4gUaF5qRRhOMRwKptf7o3l9ebgSMjvbEzTldEI0EueT2RFJ+3BSTsvbolN0hYAMyfIX5wp5A=
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:a4519585-d31b-4588-8499-6641ec459b43
x-amz-meta-codebuild-content-md5: d97b029b026ab1b5da9f71fc8f6cf19a
x-amz-meta-codebuild-content-sha256: 1bd3623b950dcf081744ebf0150c6ff72edcc5cbd4a3ea8293d7f9c29b2e9c0b
x-amz-request-id: HXRZQT963RTZSQMT
x-azure-ref: 0BgNLYgAAAACiPua6UcmhQKJ69E5SiI1tQkVSMzBFREdFMDQxNgA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-azure-ref-originshield: 0B9ZKYgAAAACZa7PyionRSpaoccUupXqQQU1TMDRFREdFMTkwOQA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-cache: TCP_HIT

GET
H2

200

sync Show response
eb2.3lift.com/ Frame 92CA
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

1 KB
1 KB

8ms
8ms

Document
text/html

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: 2416bc49716c605ad1ab699eeadf99555e5f30e9fb7fa0b63fcd4ae4ccbb6712

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-length: 464
content-type: text/html; charset=utf-8
date: Mon, 04 Apr 2022 14:39:02 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

cache-control: no-cache, no-store, must-revalidate
content-length: 0
date: Mon, 04 Apr 2022 14:39:02 GMT
location: /sync?&ld=1
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 58B4 52 KB
17 KB 21ms
21ms Document
text/html 69.192.160.186
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.186 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-186.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Mon, 04 Apr 2022 14:39:02 GMT
ETag: "623de86a-cf34"
Expires: Tue, 05 Apr 2022 14:39:04 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 4C46 3 KB
2 KB 18ms
17ms Document
text/html 69.192.160.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-245.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1388
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 Apr 2022 14:39:02 GMT
ETag: "e20015-b6b-5d84d0db0c30a"
Last-Modified: Fri, 18 Feb 2022 16:05:37 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame DDC9 0
0 27ms
27ms Document
text/plain 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13394437
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date: Mon, 04 Apr 2022 14:39:02 GMT
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Pragma: no-cache
Server: nginx
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap4ams1

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 7CD8 15 KB
6 KB 17ms
17ms Document
text/html 69.192.160.199
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.199 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-199.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=35228
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 14:39:02 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Tue, 05 Apr 2022 00:26:10 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 32FF 281 B
554 B 31ms
7ms Document
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 Apr 2022 14:39:02 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1

200
OK

2000891.html Show response
serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/ Frame 1C77
Redirect Chain

https://sync.serverbid.com/ss/2000891.html
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

5 KB
5 KB

90ms
18ms

Document
text/html

205.185.216.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL

https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

f3d66b78ca0c93adf48dec8533da3c4db538cc648dc60e383d5fd0b666859206

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=27701
Connection: Keep-Alive
Content-Length: 4947
Content-Type: text/html
Date: Mon, 04 Apr 2022 14:39:02 GMT
Last-Modified: Wed, 20 Nov 2019 20:29:05 GMT
Vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW: 1649083142.dop211.lo4.t,1649083142.cds030.lo4.shn,1649083142.cds030.lo4.c
age: 349
etag: "1b0ebac83fe30af80513039edbdf566f"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: tx0000000000000108f3459-00624a1dbb-14d1c90f-nyc3a
x-rgw-object-type: Normal

Redirect headers

cache-control: no-cache
content-length: 0
location: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

GET
H3 200 pd Show response
eu-u.openx.net/w/1.0/ Frame 0AA9 542 B
358 B 25ms
25ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: eac61327f649a8b9714f0ca690d1ea092f9ff313aabf11583e4ed12ee19a92c1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://threatpost.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 339
content-type: text/html
date: Mon, 04 Apr 2022 14:39:02 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/18.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H3 200 dds
rtb.openx.net/sync/ Frame 0AA9 43 B
64 B 35ms
22ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: ebdck5iu78v573qoehi7blksfnu46bof

GET
H2 200 fa8e286a-c70d-e554-ec5d-6204529e96e5
pr-bh.ybp.yahoo.com/sync/openx/ Frame 0AA9 43 B
985 B 108ms
37ms Image
image/gif 2a05:d018:d29:3605:94f3:d01d:495a:dfd0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/openx/fa8e286a-c70d-e554-ec5d-6204529e96e5?gdpr=0

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3605:94f3:d01d:495a:dfd0 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame 0AA9
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=bbCHfU671NBnRc5

43 B
61 B

23ms
23ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=bbCHfU671NBnRc5
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:01 GMT
Server: PingMatch/v2.0.30-713-gdae83a2#rel-ec2-master i-0ae965e2f8a6b4310@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
Location: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=bbCHfU671NBnRc5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sync
odr.mookie1.com/t/v2/ Frame 0AA9
Redirect Chain

https://x.bidswitch.net/sync?ssp=openx
https://x.bidswitch.net/ul_cb/sync?ssp=openx
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=c3a5455c-a691-4fce-9c0d-6ef0dd768474&ssp=openx&gdpr=&gdpr_consent=

43 B
324 B

39ms
15ms

Image
image/gif

34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=c3a5455c-a691-4fce-9c0d-6ef0dd768474&ssp=openx&gdpr=&gdpr_consent=
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol: H2
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: //odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=c3a5455c-a691-4fce-9c0d-6ef0dd768474&ssp=openx&gdpr=&gdpr_consent=
Date: Mon, 04 Apr 2022 14:39:02 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3

200

sd
eu-u.openx.net/w/1.0/ Frame 0AA9
Redirect Chain

https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=7017324650599299232

43 B
61 B

25ms
24ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537072399&val=7017324650599299232
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:02 GMT
X-Proxy-Origin: 217.64.151.9; 217.64.151.9; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: e23fd9af-15de-4800-8be8-02f39baaa6da
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://eu-u.openx.net/w/1.0/sd?id=537072399&val=7017324650599299232
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

redir
rtb-csync.smartadserver.com/ Frame 0AA9
Redirect Chain

https://match.prod.bidr.io/cookie-sync/ox
https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFGUFVFN0VsZ1lBQURZWE5aRGx6Zw&bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&b...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Csas%2Cpp%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAFPUE7ElgYAADYXNZDlzg&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpp%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAFPUE7ElgYAADYXNZDlzg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cox%26bee_sync_curre...

43 B
163 B

23ms
22ms

Image
image/gif

185.86.139.114
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAFPUE7ElgYAADYXNZDlzg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Protocol: HTTP/1.1
Server: 185.86.139.114 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:01 GMT
transfer-encoding: chunked
content-type: image/gif

Redirect headers

location: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAFPUE7ElgYAADYXNZDlzg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Date: Mon, 04 Apr 2022 14:39:02 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 32FF 32 KB
10 KB 15ms
14ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 1119f39b46f15ecba4131ef36fa1019b2501d56883ad704f0bfc9034b57987dc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:39:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=81990
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9539
Expires: Tue, 05 Apr 2022 13:25:32 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 92CA 70 B
264 B 32ms
31ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 92CA
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&gdpr=1&cmp_cs=
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzAzMzUzMzAzMjY0NzY0MzI4NjYyNQ%3D%3D

170 B
189 B

16ms
16ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzAzMzUzMzAzMjY0NzY0MzI4NjYyNQ%3D%3D

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzAzMzUzMzAzMjY0NzY0MzI4NjYyNQ%3D%3D
date: Mon, 04 Apr 2022 14:39:02 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 92CA 170 B
189 B 18ms
16ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 92CA
Redirect Chain

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzAzMzUzMzAzMjY0NzY0MzI4NjYyNQ%3D%3D

170 B
189 B

16ms
16ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzAzMzUzMzAzMjY0NzY0MzI4NjYyNQ%3D%3D

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MzAzMzUzMzAzMjY0NzY0MzI4NjYyNQ%3D%3D
date: Mon, 04 Apr 2022 14:39:02 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 setuid
px.ads.linkedin.com/ Frame 92CA 0
140 B 198ms
194ms Image
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=3033533032647643286625&dbredirect=true&gdpr=1&consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 284F7D65A259425083C71B22DE3128FB Ref B: FRAEDGE1406 Ref C: 2022-04-04T14:39:02Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXb1Rbl3U8SZihufR97Tg==

GET
H2

200

xuid
eb2.3lift.com/ Frame 92CA
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/triplelift/3033533032647643286625?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2662&xuid=y-Vj33FTVE2oR_PQfWNJW90qvWPnWZXoc7QJQ5jQJC9Q--~A&dongle=0883

37 B
355 B

9ms
8ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2662&xuid=y-Vj33FTVE2oR_PQfWNJW90qvWPnWZXoc7QJQ5jQJC9Q--~A&dongle=0883
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date: Mon, 04 Apr 2022 14:39:02 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://eb2.3lift.com/xuid?mid=2662&xuid=y-Vj33FTVE2oR_PQfWNJW90qvWPnWZXoc7QJQ5jQJC9Q--~A&dongle=0883
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame 92CA 43 B
220 B 65ms
6ms Image
image/gif 3.122.211.253
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=triplelift&user_id=3033533032647643286625&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.211.253 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-211-253.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:39:02 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 c.gif
c.bing.com/ Frame 92CA 42 B
595 B 74ms
31ms Image
image/gif 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bing.com/c.gif?xid=3033533032647643286625&Red3=TLMS_pd
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:01 GMT
etag: "8120eaf0ff3ad81:0"
last-modified: Fri, 18 Mar 2022 19:39:54 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D091FEB5DE0B4F168D5827BF502620DC Ref B: FRAEDGE1513 Ref C: 2022-04-04T14:39:02Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

GET
H/1.1

200
OK

iu3
s.amazon-adsystem.com/ Frame 92CA
Redirect Chain

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=3033533032647643286625
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=3033533032647643286625&dcc=t

0
0

101ms
100ms

Image
text/html

209.54.176.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=3033533032647643286625&dcc=t
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: HTTP/1.1
Server: 209.54.176.128 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:02 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: CMBYCKZPZBYXH6S8XYNZ
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=3033533032647643286625&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame 92CA
Redirect Chain

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1

37 B
139 B

7ms
7ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

Location: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:02 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 95
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 58B4 0
741 B 9ms
9ms Script
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:02 GMT
X-Proxy-Origin: 217.64.151.9; 217.64.151.9; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 07d66557-f378-411b-8057-b06ff1d77d5a
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 13926 Show response
g2.gumgum.com/usync/ Frame 9FFB 4 KB
2 KB 96ms
28ms Document
text/html 34.248.76.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a07616f5cdcfac14fb5a498820ddad5c074cf1719e64f823523d5ebf7b047e13

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Mon, 04 Apr 2022 14:39:02 GMT
etag: W/"0add56b99d01478c2d8de12f7cd7a0f26"
server: nginx
timing-allow-origin: *

GET
H2 204 ps
pixel.33across.com/ Frame 1B42 0
0 329ms
106ms Document
text/plain 67.202.105.22
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.22 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip22.67-202-105.static.steadfastdns.net
Software: 33XP004 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
server: 33XP004
x-33x-status: 2000208

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 0B8B 2 KB
814 B 30ms
7ms Document
text/html 51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.38.120.206 , France, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
content-type: text/html
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK sync Show response
ssbsync.smartadserver.com/api/ Frame A90E 620 B
870 B 108ms
21ms Document
text/html 185.86.139.94
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.94 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: ccc1eda3418d5a3df5e4ef7042aee8648102fe88b083b8837605630a13efc84e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-length: 620
content-type: text/html
date: Mon, 04 Apr 2022 14:39:01 GMT

GET
H/1.1 200
OK usermatch Show response
ssum-sec.casalemedia.com/ Frame 785F 2 KB
3 KB 31ms
28ms Document
text/html 69.192.160.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-245.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 4dc6f0b467dc11bb082e80e8c97f396534088eab6972158c85fbd454191f6517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 1672
Content-Type: text/html
Date: Mon, 04 Apr 2022 14:39:02 GMT
Dropped-Udsids: 241|230|39|73|206|190|26|191
Expires: Mon, 04 Apr 2022 14:39:02 GMT
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Server: Apache
Vary: Is-Traffic-Usersync

GET
H2

200

sync
ads.servenobid.com/ Frame F357
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
https://ads.servenobid.com/sync?pid=312&uid=7017324650599299232

0
344 B

29ms
28ms

Image
image/avif

99.80.41.206
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=312&uid=7017324650599299232
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:02 GMT
X-Proxy-Origin: 217.64.151.9; 217.64.151.9; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: c47675e6-4ecd-46a9-9197-9890e1b47212
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ads.servenobid.com/sync?pid=312&uid=7017324650599299232
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame F357
Redirect Chain

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
https://ads.servenobid.com/sync?pid=310&uid=a6a0b6e82264d0d69e00062c

0
347 B

29ms
29ms

Image
image/avif

99.80.41.206
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=310&uid=a6a0b6e82264d0d69e00062c
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:02 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ads.servenobid.com/sync?pid=310&uid=a6a0b6e82264d0d69e00062c
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap5ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame F357 0
277 B 34ms
29ms Image
text/plain 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 04 Apr 2022 14:39:02 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET
H2

200

sync
ads.servenobid.com/ Frame F357
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1649083143295
https://ads.servenobid.com/sync?pid=321&uid=OPTOUT

0
336 B

31ms
31ms

Image
image/avif

99.80.41.206
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=321&uid=OPTOUT
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:03 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:03 GMT
server: Tengine
etag: OPTOUT
content-type: text/html
location: https://ads.servenobid.com/sync?pid=321&uid=OPTOUT
cache-control: no-store, no-cache, must-revalidate
expires: 0

GET
H2

200

sync
ads.servenobid.com/ Frame F357
Redirect Chain

https://p.rfihub.com/cm?pub=44007&in=1
https://ads.servenobid.com/sync?pid=324&uid=5140084920359864151

0
344 B

28ms
28ms

Image
image/avif

99.80.41.206
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=324&uid=5140084920359864151
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Location: https://ads.servenobid.com/sync?pid=324&uid=5140084920359864151
Date: Mon, 04 Apr 2022 14:39:02 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK usa
sync.go.sonobi.com/ Frame F357 0
478 B 62ms
15ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:02 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame F357
Redirect Chain

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
https://ads.servenobid.com/sync?pid=327&uid=205df589-d6b1-4bcd-9246-27c517b23db5&gdpr=0&gdpr_consent=&us_privacy=1YN-

0
356 B

31ms
31ms

Image
image/avif

99.80.41.206
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=327&uid=205df589-d6b1-4bcd-9246-27c517b23db5&gdpr=0&gdpr_consent=&us_privacy=1YN-
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=327&uid=205df589-d6b1-4bcd-9246-27c517b23db5&gdpr=0&gdpr_consent=&us_privacy=1YN-
date: Mon, 04 Apr 2022 14:39:01 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 1
server: envoy
content-length: 0

GET
H2

200

sync
ads.servenobid.com/ Frame F357
Redirect Chain

https://ups.analytics.yahoo.com/ups/58559/occ
https://ads.servenobid.com/sync?pid=337&uid=y-lCoAacdE2uF4PIgXxua2mm2GZg8zplVkLldCi78-~A

0
366 B

28ms
28ms

Image
image/avif

99.80.41.206
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=337&uid=y-lCoAacdE2uF4PIgXxua2mm2GZg8zplVkLldCi78-~A
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=337&uid=y-lCoAacdE2uF4PIgXxua2mm2GZg8zplVkLldCi78-~A
date: Mon, 04 Apr 2022 14:39:02 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 785F
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YksDBIYFreWLoXXsueWyFAAABKEAAAIB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&dcc=t

43 B
645 B

102ms
101ms

Image
image/gif

209.54.176.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

HTTP/1.1

Server

209.54.176.128 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:02 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 34MXFDKWRW27Y6CY5KZG
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:02 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 2A34PD8XYCGBBM4DNS2Y
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 785F 170 B
189 B 17ms
17ms Image
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 785F 70 B
264 B 33ms
31ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 YksDBIYFreWLoXXsueWyFAAABKEAAAIB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 785F 43 B
985 B 34ms
32ms Image
image/gif 2a05:d018:d29:3605:94f3:d01d:495a:dfd0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/YksDBIYFreWLoXXsueWyFAAABKEAAAIB?gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3605:94f3:d01d:495a:dfd0 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H2 204 sync
ups.analytics.yahoo.com/ups/55940/ Frame 785F 0
15 B 12ms
11ms Image
text/plain 3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 400
Request failed due to privacy signals getuid
ib.adnxs.com/ Frame 785F 0
0 28ms
27ms Image
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2 200 /
sync.taboola.com/sg/indexscod/1/cm/ Frame 785F 0
99 B 48ms
13ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/indexscod/1/cm/?us_privacy=&gdpr=1&gdpr_consent=&id=YksDBIYFreWLoXXsueWyFAAA%261185
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 13064

GET
H/1.1

200
OK

crum
dsum.casalemedia.com/ Frame 785F
Redirect Chain

https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E&gdpr=1
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=de245464-ce81-a966-9bb8442d

43 B
1 KB

105ms
27ms

Image
image/gif

69.192.160.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=de245464-ce81-a966-9bb8442d
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: HTTP/1.1
Server: 69.192.160.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-245.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:02 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Apr 2022 14:39:02 GMT

Redirect headers

date: Mon, 04 Apr 2022 14:39:02 GMT
via: 1.1 google
server: nginx/1.20.2
access-control-allow-origin: *
p3p: CP='This is not a P3P policy!'
location: https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=de245464-ce81-a966-9bb8442d
cache-control: max-age=3600
content-type: text/html; charset=utf-8
alt-svc: clear
content-length: 119

GET
H2 200 sync
ads.servenobid.com/ Frame 785F 0
357 B 29ms
28ms Image
image/avif 99.80.41.206
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=333&uid=YksDBIYFreWLoXXsueWyFAAABKEAAAIB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 9FFB
Redirect Chain

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
https://rtb.gumgum.com/usersync?b=apn&i=7017324650599299232

35 B
208 B

40ms
33ms

Image
image/gif

34.248.76.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=apn&i=7017324650599299232
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:02 GMT
X-Proxy-Origin: 217.64.151.9; 217.64.151.9; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 99467e11-9bcf-4c41-99ae-b3d34d1745ca
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://rtb.gumgum.com/usersync?b=apn&i=7017324650599299232
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame 9FFB
Redirect Chain

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_726c0f2d-36ea-41a4-b055-fd32f5107dfb&gdpr=0&gdpr_consent=&us_privacy=1---
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=c3a5455c-a691-4fce-9c0d-6ef0dd768474
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=c3a5455c-a691-4fce-9c0d-6ef0dd768474
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=48291d83-92ba-493f-9864-fc0a78520a54&user_group=1&ssp=gumgum2&bsw_param=c3a5455c-a691-4fce-9c0d-6ef0dd768474
https://rtb.gumgum.com/usersync?b=bsw&i=c3a5455c-a691-4fce-9c0d-6ef0dd768474

35 B
208 B

34ms
34ms

Image
image/gif

34.248.76.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=bsw&i=c3a5455c-a691-4fce-9c0d-6ef0dd768474
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: //rtb.gumgum.com/usersync?b=bsw&i=c3a5455c-a691-4fce-9c0d-6ef0dd768474
Date: Mon, 04 Apr 2022 14:39:02 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2

200

sync-iframe
cs-server-s2s.yellowblue.io/ Frame 9FFB
Redirect Chain

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28kiat4sEtewo-KURyBytF7LgWMLfHQ5gi41ngN_8iEaFHqnmGmuA0Am9NK-TJv2Ka%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_726c0f2d-36ea-41a4-b055-fd32f5107dfb&obuid=ENC(kiat4sEtewo-KURyBytF7LgWMLfHQ5gi41ngN_8iEaFHqnmGmuA0Am9NK-TJv2Ka)
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&redirect=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Drise%26uid%3D%5BpartnerId%5D%26obUid%3Dki...

0
323 B

306ms
98ms

Image
text/html

3.224.178.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&redirect=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Drise%26uid%3D%5BpartnerId%5D%26obUid%3Dkiat4sEtewo-KURyBytF7LgWMLfHQ5gi41ngN_8iEaFHqnmGmuA0Am9NK-TJv2Ka%26gdpr%3D%24GDPR_APPLIES%26gdpr_consent%3D%24CONSNT_STRING
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 3.224.178.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-224-178-199.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:03 GMT
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/html
access-control-allow-origin: https://g2.gumgum.com/
x-reason: could not perform CS due to GDPR policy: gdpr is not applied
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length: 0

Redirect headers

Location: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&redirect=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Drise%26uid%3D%5BpartnerId%5D%26obUid%3Dkiat4sEtewo-KURyBytF7LgWMLfHQ5gi41ngN_8iEaFHqnmGmuA0Am9NK-TJv2Ka%26gdpr%3D%24GDPR_APPLIES%26gdpr_consent%3D%24CONSNT_STRING
Date: Mon, 04 Apr 2022 14:39:03 GMT
X-TraceId: dcb4e1b5f220d971facdc39e59bd1eff
Content-Length: 0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 9FFB
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://rtb.gumgum.com/usersync?b=opx&i=9974ea5e-7fb4-4f4b-baf1-641c65995aea

35 B
208 B

40ms
34ms

Image
image/gif

34.248.76.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=opx&i=9974ea5e-7fb4-4f4b-baf1-641c65995aea
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Mon, 04 Apr 2022 14:39:02 GMT
content-encoding: gzip
server: OXGW/18.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://rtb.gumgum.com/usersync?b=opx&i=9974ea5e-7fb4-4f4b-baf1-641c65995aea
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H2

200

usersync
rtb.gumgum.com/ Frame 9FFB
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=sta&i=0-bff119f1-decd-411d-6f93-4e2d7044401d$ip$217.64.151.9

35 B
208 B

34ms
33ms

Image
image/gif

34.248.76.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=sta&i=0-bff119f1-decd-411d-6f93-4e2d7044401d$ip$217.64.151.9
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=sta&i=0-bff119f1-decd-411d-6f93-4e2d7044401d$ip$217.64.151.9
Date: Mon, 04 Apr 2022 14:39:02 GMT
Connection: keep-alive
Content-Length: 121
Content-Type: text/html; charset=utf-8

GET
H2

200

usersync
rtb.gumgum.com/ Frame 9FFB
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=oth&i=y-rnrcOgBE2pc.BKpXUaGq6dfy6jOXdq1iHFW1~A

35 B
208 B

38ms
38ms

Image
image/gif

34.248.76.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=oth&i=y-rnrcOgBE2pc.BKpXUaGq6dfy6jOXdq1iHFW1~A
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Mon, 04 Apr 2022 14:39:02 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://rtb.gumgum.com/usersync?b=oth&i=y-rnrcOgBE2pc.BKpXUaGq6dfy6jOXdq1iHFW1~A
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H2

200

usersync
rtb.gumgum.com/ Frame 9FFB
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%...
https://rtb.gumgum.com/usersync?b=vnt&i=f8bab27a-b424-11ec-b297-832d259745f8

35 B
208 B

33ms
33ms

Image
image/gif

34.248.76.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=vnt&i=f8bab27a-b424-11ec-b297-832d259745f8
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=vnt&i=f8bab27a-b424-11ec-b297-832d259745f8
Date: Mon, 04 Apr 2022 14:39:02 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Content-Length: 0
X-CI-RTID: f8bab27b-b424-11ec-b297-832d259745f8

GET
H2 204 services
sync.technoratimedia.com/ Frame 9FFB 0
293 B 291ms
96ms Image
text/plain 150.136.156.92
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 150.136.156.92 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 908069909
access-control-allow-origin: https://g2.gumgum.com/
access-control-allow-credentials: true

GET
H2 200 142
match.deepintent.com/usersync/ Frame 9FFB 0
44 B 300ms
95ms Image
text/plain 169.197.150.7
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/142
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS: g.deepintent.com
Software: b /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
content-length: 0
server: b

GET
H2

200

usersync
rtb.gumgum.com/ Frame 9FFB
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_726c0f2d-36ea-41a4-b055-fd32f5107dfb&gdpr=0&gdpr_consent=&us_privacy=1---
https://stags.bluekai.com/site/23178?id=Wvnl_dgpV09Y7gTjL88H&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2V3WNZWF6ZDHOBLDAOKZG5TVI2SMHA4EQJTVONPXA...
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=Wvnl_dgpV09Y7gTjL88H&us_privacy=1---

35 B
208 B

34ms
33ms

Image
image/gif

34.248.76.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=Wvnl_dgpV09Y7gTjL88H&us_privacy=1---
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:03 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:02 GMT
P3p: CP="We do not support P3P header."
Location: https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=Wvnl_dgpV09Y7gTjL88H&us_privacy=1---
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 118
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H/1.1

200
OK

usersync
usersync.gumgum.com/ Frame 9FFB
Redirect Chain

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://usersync.gumgum.com/usersync?b=idi&i=bf8628ed-a1d0-44a5-b84c-83296fb9e707

35 B
296 B

50ms
35ms

Image
image/gif

34.241.76.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=idi&i=bf8628ed-a1d0-44a5-b84c-83296fb9e707
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.241.76.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-76-6.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:01 GMT
server: envoy
content-type: image/gif
cache-control: private, no-store, must-revalidate, max-age=0
x-envoy-upstream-service-time: 5
x-region: ireland
content-length: 35
expires: 0

Redirect headers

location: https://usersync.gumgum.com/usersync?b=idi&i=bf8628ed-a1d0-44a5-b84c-83296fb9e707
date: Mon, 04 Apr 2022 14:39:02 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET

floor6
sync.1rx.io/usersync2/ Frame 9FFB
Redirect Chain

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync2/floor6?zcc=1&cb=1649083142311

0
0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 9FFB
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://rtb.gumgum.com/usersync?b=pln&i=kYC031P2n8y5&ev=1&pid=558355

35 B
208 B

38ms
38ms

Image
image/gif

34.248.76.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=pln&i=kYC031P2n8y5&ev=1&pid=558355
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: de-DE
location: https://rtb.gumgum.com/usersync?b=pln&i=kYC031P2n8y5&ev=1&pid=558355
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-7597cd5c75-6rjls
expires: -1

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame 9FFB 0
75 B 22ms
21ms Image
text/plain 185.86.139.94
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=15
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.94 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:01 GMT
content-length: 0

GET
H2 200 sync
ads.servenobid.com/ Frame 9FFB 0
357 B 31ms
29ms Image
image/avif 99.80.41.206
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=309&uid=e_726c0f2d-36ea-41a4-b055-fd32f5107dfb
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame F261
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://rtb.gumgum.com/usersync?b=mmh&i=613a624b-0304-4300-ab1f-1c2ce15bc642&gdpr=0&gdpr_consent=

35 B
208 B

44ms
34ms

Document
image/gif

34.248.76.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=mmh&i=613a624b-0304-4300-ab1f-1c2ce15bc642&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
content-length: 35
content-type: image/gif;charset=UTF-8
date: Mon, 04 Apr 2022 14:39:02 GMT
expires: 0
pragma: no-cache
server: nginx
timing-allow-origin: *

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Mon, 04 Apr 2022 14:39:02 GMT
Expires: Mon, 04 Apr 2022 14:39:01 GMT
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 4320 2f2dfe5 master zrh-pixel-x31 config:1.0.0
location: https://rtb.gumgum.com/usersync?b=mmh&i=613a624b-0304-4300-ab1f-1c2ce15bc642&gdpr=0&gdpr_consent=

GET
H/1.1

200
OK

usersync Show response
usersync.gumgum.com/ Frame E5F5
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=atm&i=YksC-wAAAHsVCAQA&gdpr=0&gdpr_consent=

35 B
296 B

132ms
34ms

Document
image/gif

34.241.76.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=atm&i=YksC-wAAAHsVCAQA&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.76.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-76-6.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
content-length: 35
content-type: image/gif
date: Mon, 04 Apr 2022 14:39:01 GMT
expires: 0
pragma: no-cache
server: envoy
x-envoy-upstream-service-time: 4
x-region: ireland

Redirect headers

accept-ranges: bytes
cache-control: no-cache
content-length: 0
date: Mon, 04 Apr 2022 14:39:02 GMT
location: https://usersync.gumgum.com/usersync?b=atm&i=YksC-wAAAHsVCAQA&gdpr=0&gdpr_consent=
pragma: no-cache
retry-after: 0
server: Varnish
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-hhn4068-HHN
x-timer: S1649083142.331739,VS0,VE0

GET
H3 200 pixel Show response
cm.g.doubleclick.net/ Frame BB7F 170 B
189 B 18ms
17ms Document
image/png 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV83MjZjMGYyZC0zNmVhLTQxYTQtYjA1NS1mZDMyZjUxMDdkZmI=&gdpr=0&gdpr_consent=

Requested by

Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 170
content-type: image/png
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 14:39:02 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: HTTP server (unknown)
x-xss-protection: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame BFC6 15 KB
6 KB 93ms
92ms Document
text/html 69.192.160.199
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.199 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-199.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=35228
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 14:39:02 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Tue, 05 Apr 2022 00:26:10 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 20A3
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=ttd&i=56c64d6a-ae00-4926-ae6f-e73bea6241af&t=1651675142

35 B
208 B

34ms
34ms

Document
image/gif

34.248.76.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=ttd&i=56c64d6a-ae00-4926-ae6f-e73bea6241af&t=1651675142
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
content-length: 35
content-type: image/gif;charset=UTF-8
date: Mon, 04 Apr 2022 14:39:02 GMT
expires: 0
pragma: no-cache
server: nginx
timing-allow-origin: *

Redirect headers

cache-control: private,no-cache, must-revalidate
content-length: 209
content-type: text/html
date: Mon, 04 Apr 2022 14:39:02 GMT
location: https://rtb.gumgum.com/usersync?b=ttd&i=56c64d6a-ae00-4926-ae6f-e73bea6241af&t=1651675142
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame AE3D
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
https://eus.rubiconproject.com/usync.html?p=gumgum

281 B
554 B

6ms
6ms

Document
text/html

104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 Apr 2022 14:39:02 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Mon, 04 Apr 2022 14:39:02 GMT
location: https://eus.rubiconproject.com/usync.html?p=gumgum
server: AkamaiGHost

GET
H/1.1

200
OK

usersync Show response
usersync.gumgum.com/ Frame 7A16
Redirect Chain

https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=0&gdpr_consent=
https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24EMXUID
https://cs.emxdgt.com/umcheck?apnxid=7017324650599299232&redirect=https://usersync.gumgum.com/usersync?b=emx&i=$EMXUID
https://usersync.gumgum.com/usersync?b=emx&uid=7017324650599299232brt201261649083142371530f1

35 B
296 B

94ms
33ms

Document
image/gif

34.241.76.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=emx&uid=7017324650599299232brt201261649083142371530f1
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.76.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-76-6.eu-west-1.compute.amazonaws.com
Software: envoy /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
content-length: 35
content-type: image/gif
date: Mon, 04 Apr 2022 14:39:01 GMT
expires: 0
pragma: no-cache
server: envoy
x-envoy-upstream-service-time: 0
x-region: ireland

Redirect headers

content-length: 0
content-type: text/html
date: Mon, 04 Apr 2022 14:39:01 GMT
location: https://usersync.gumgum.com/usersync?b=emx&uid=7017324650599299232brt201261649083142371530f1

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame D14F
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://rtb.gumgum.com/usersync?b=sus&i=YksDBsCo8YQAAJH2ng4AAAAA

35 B
208 B

33ms
33ms

Document
image/gif

34.248.76.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=sus&i=YksDBsCo8YQAAJH2ng4AAAAA
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
content-length: 35
content-type: image/gif;charset=UTF-8
date: Mon, 04 Apr 2022 14:39:03 GMT
expires: 0
pragma: no-cache
server: nginx
timing-allow-origin: *

Redirect headers

Cache-Control: private
Connection: keep-alive
Content-Length: 0
Date: Mon, 04 Apr 2022 14:39:02 GMT
Location: https://rtb.gumgum.com/usersync?b=sus&i=YksDBsCo8YQAAJH2ng4AAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
Server: nginx
X-SO-Ads-Time: 2
X-SO-Cluster-ID: 10
X-SO-HostName: m-ad25.dc4p.scaleout.jp
X-SO-IP: 217.64.151.9
X-SO-Key: YksDBsCo8YQAAJH2ng4AAAAA
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":10,"gdpr":true,"ipv4":"0.0.0.0","key":"YksDBsCo8YQAAJH2ng4AAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad25"}
X-SO-LB-Hostname: m-tgng32.dc4p.scaleout.jp
X-SO-Upstream-ID: m-ad25

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame D35D
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://creativecdn.com/cm-notify?pi=gumgum&tc=1
https://rtb.gumgum.com/usersync?b=rth&i=utWF8ZYrCiZqaPlmyHE5&pi=gumgum&tc=1

35 B
208 B

34ms
33ms

Document
image/gif

34.248.76.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=rth&i=utWF8ZYrCiZqaPlmyHE5&pi=gumgum&tc=1
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.76.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-76-8.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
content-length: 35
content-type: image/gif;charset=UTF-8
date: Mon, 04 Apr 2022 14:39:02 GMT
expires: 0
pragma: no-cache
server: nginx
timing-allow-origin: *

Redirect headers

cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
date: Mon, 04 Apr 2022 14:39:02 GMT Mon, 04 Apr 2022 14:39:02 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://rtb.gumgum.com/usersync?b=rth&i=utWF8ZYrCiZqaPlmyHE5&pi=gumgum&tc=1
pragma: no-cache

GET
H2 200 sync
ads.servenobid.com/ Frame A90E 0
343 B 29ms
28ms Image
image/avif 99.80.41.206
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=317&uid=7962931321991229201&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.41.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-41-206.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame A90E
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=smart-adserver&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=smart-adserver&ttd_tpi=1&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?partnerid=75&issi=1&partneruserid=7f0abd6a-1fa3-418c-99fb-344c195a3f4e&gdpr=1&gdpr_consent=

43 B
163 B

63ms
20ms

Image
image/gif

185.86.139.114
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=75&issi=1&partneruserid=7f0abd6a-1fa3-418c-99fb-344c195a3f4e&gdpr=1&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.139.114 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
transfer-encoding: chunked
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://rtb-csync.smartadserver.com/redir/?partnerid=75&issi=1&partneruserid=7f0abd6a-1fa3-418c-99fb-344c195a3f4e&gdpr=1&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 299

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame A90E
Redirect Chain

https://sync.1rx.io/usersync2/smartadserver?gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync2/smartadserver?zcc=1&cb=1649083142330
https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=OPTOUT

43 B
163 B

21ms
21ms

Image
image/gif

185.86.139.114
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=OPTOUT
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.139.114 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
transfer-encoding: chunked
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:03 GMT
server: Tengine
etag: OPTOUT
content-type: text/html
location: https://rtb-csync.smartadserver.com/redir/?partnerid=113&partneruserid=OPTOUT
cache-control: no-store, no-cache, must-revalidate
expires: 0

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame A90E
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D22%26partneruserid%3DYOUR_USER_ID&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=2816406467213944867&gdpr=0&gdpr_consent=

43 B
408 B

95ms
21ms

Image
image/gif

185.86.139.114
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=2816406467213944867&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.139.114 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:01 GMT
cache-control: no-cache,no-store
content-type: image/gif
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
server: nginx
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=22&partneruserid=2816406467213944867&gdpr=0&gdpr_consent=
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1

200
OK

/
rtb-csync.smartadserver.com/redir/ Frame A90E
Redirect Chain

https://sync.tidaltv.com/genericusersync.ashx?dpid=3157&gdpr=0&gdpr_consent=
https://sync.tidaltv.com/genericusersync.ashx?dpid=3157&gdpr=0&gdpr_consent=&s_h=1
https://rtb-csync.smartadserver.com/redir/?partnerid=96&partneruserid=7b76632d-07ae-438d-9b72-94ecb3d98783&gdpr=0&gdpr_consent=

43 B
448 B

21ms
21ms

Image
image/gif

185.86.139.114
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=96&partneruserid=7b76632d-07ae-438d-9b72-94ecb3d98783&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Server: 185.86.139.114 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
cache-control: no-cache,no-store
content-type: image/gif
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
server: Apache-Coyote/1.1
location: https://rtb-csync.smartadserver.com/redir/?partnerid=96&partneruserid=7b76632d-07ae-438d-9b72-94ecb3d98783&gdpr=0&gdpr_consent=
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
x-xss-protection: 1; mode=block
expires: 0

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame AE3D 32 KB
10 KB 8ms
8ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 1119f39b46f15ecba4131ef36fa1019b2501d56883ad704f0bfc9034b57987dc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:39:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=81990
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9539
Expires: Tue, 05 Apr 2022 13:25:32 GMT

GET
H2

204

v1
ads.yahoo.com/cms/ Frame 32FF
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L1KTIRQQ-H-AFJR&sigv=1&esig=2~8a68af6d4586aae9680cfe121ad9138e6ba92208

0
194 B

62ms
18ms

Image
text/plain

2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L1KTIRQQ-H-AFJR&sigv=1&esig=2~8a68af6d4586aae9680cfe121ad9138e6ba92208

Protocol

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L1KTIRQQ-H-AFJR&sigv=1&esig=2~8a68af6d4586aae9680cfe121ad9138e6ba92208
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

setuid
px.ads.linkedin.com/ Frame 32FF
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L1KTIRQQ-H-AFJR

0
142 B

185ms
185ms

Image
text/plain

2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L1KTIRQQ-H-AFJR
Protocol: H2
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 04FC32F6D1424B329368D7E327EBC774 Ref B: FRAEDGE1406 Ref C: 2022-04-04T14:39:02Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXb1RbpkhAuFFChX6XfPQ==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L1KTIRQQ-H-AFJR
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 32FF
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MGMwNjMzYmUwODhlMGJhZGU2ODNjZmU0YzE1ZDI3NzNmNTE3Mjk1Ng

170 B
189 B

16ms
16ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MGMwNjMzYmUwODhlMGJhZGU2ODNjZmU0YzE1ZDI3NzNmNTE3Mjk1Ng

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MGMwNjMzYmUwODhlMGJhZGU2ODNjZmU0YzE1ZDI3NzNmNTE3Mjk1Ng
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 451 709414.gif
id.rlcdn.com/ Frame 32FF 0
0 40ms
16ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 32FF
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/aFYYHE31p7n0giL_gGqAAg?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=3716779519947541492

0
239 B

8ms
8ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=3716779519947541492
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 611afce88997db6fdd35eb213e662871
Content-Type: image/gif

Redirect headers

date: Mon, 04 Apr 2022 14:39:02 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=3716779519947541492
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 32FF
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFLVElSUVEtSC1BRkpS

170 B
189 B

17ms
17ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFLVElSUVEtSC1BRkpS

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFLVElSUVEtSC1BRkpS
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 32FF
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=13wyoVL-Tc2R1gPaQVwlfQ&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=13wyoVL-Tc2R1gPaQVwlfQ

43 B
556 B

105ms
105ms

Image
image/gif

209.54.176.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=13wyoVL-Tc2R1gPaQVwlfQ

Protocol

HTTP/1.1

Server

209.54.176.128 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:02 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: R870Y8ZFTZ37WFKYFE29
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=13wyoVL-Tc2R1gPaQVwlfQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 32FF 70 B
264 B 37ms
37ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 14:39:02 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 um
cs.emxdgt.com/ Frame 57F1 0
0 14ms
13ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?ssp=pbs&redirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D44%26userId%3D%24UID
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

content-length: 0
content-type: text/html
date: Mon, 04 Apr 2022 14:39:01 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame FB07
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17632&endpoint=us-east
https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east

281 B
554 B

7ms
6ms

Document
text/html

104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 Apr 2022 14:39:02 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Mon, 04 Apr 2022 14:39:02 GMT
location: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
server: AkamaiGHost

GET
H/1.1 200
OK uc.html Show response
go.sonobi.com/ Frame 7194 43 B
575 B 71ms
12ms Document
text/html 178.162.133.148
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sonobi.com/uc.html?pubid=e55fb5d7c2

Requested by

Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.148 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1.go.sonobi.com

Software

sonobi-go /

Resource Hash

bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Cache-Control: no-cache, no-store, private
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 04 Apr 2022 14:39:02 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Server: sonobi-go
Tcn: Choice
Transfer-Encoding: chunked
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-8
X-Xss-Protection: 0

GET
H2 200 cm Show response
gift-connect-d.openx.net/w/1.0/ Frame 2CDF 0
83 B 32ms
25ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://gift-connect-d.openx.net/w/1.0/cm?id=fd531c74-f5ed-4e60-8874-939fb2acafa1&r=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D19%26userId%3D
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Mon, 04 Apr 2022 14:39:02 GMT
server: OXGW/18.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 59AD 15 KB
6 KB 38ms
37ms Document
text/html 69.192.160.199
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156319&userIdMacro=PM_UID&predirect=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D4%26userId%3DPM_UID
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.192.160.199 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-199.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=35228
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 14:39:02 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Tue, 05 Apr 2022 00:26:10 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2

200

i.gif
e.serverbid.com/udb/9969/sync/ Frame 1C77
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D28%26userId%3D%24UID
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=7017324650599299232

0
44 B

97ms
97ms

Image
text/plain

167.172.1.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=7017324650599299232
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Server: 167.172.1.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
content-length: 0

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:02 GMT
X-Proxy-Origin: 217.64.151.9; 217.64.151.9; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 8ee68e21-a725-4f32-944c-bcd0f1b96947
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=28&userId=7017324650599299232
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

i.gif
e.serverbid.com/udb/9969/sync/ Frame 1C77
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=185073&cb=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=YksDBIYFreWLoXXsueWyFAAA%261185

0
44 B

98ms
97ms

Image
text/plain

167.172.1.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=YksDBIYFreWLoXXsueWyFAAA%261185
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Server: 167.172.1.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
content-length: 0

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:02 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=1&userId=YksDBIYFreWLoXXsueWyFAAA%261185
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 282
Expires: Mon, 04 Apr 2022 14:39:02 GMT

GET
H2

200

i.gif
e.serverbid.com/udb/9969/sync/ Frame 1C77
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fe.serverbid.com%2Fudb%2F9969%2Fsync%2Fi.gif%3FpartnerId%3D24%26userId%3D%24UID
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=24&userId=a6a0b6e82264d0d69e00062c

0
44 B

116ms
113ms

Image
text/plain

167.172.1.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=24&userId=a6a0b6e82264d0d69e00062c
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Server: 167.172.1.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
content-length: 0

Redirect headers

Date: Mon, 04 Apr 2022 14:39:02 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=24&userId=a6a0b6e82264d0d69e00062c
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H/1.1 200
OK usa
sync.go.sonobi.com/ Frame 1C77 0
478 B 14ms
13ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usa?https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=38&userId=

Requested by

Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:02 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

i.gif
e.serverbid.com/udb/9969/sync/ Frame 1C77
Redirect Chain

https://pixel.advertising.com/ups/56621/occ
https://ups.analytics.yahoo.com/ups/56621/occ?apid=UPf78d2eef-b424-11ec-a461-02c4a1bc5354
https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UPf78d2eef-b424-11ec-a461-02c4a1bc5354

0
44 B

101ms
98ms

Image
text/plain

167.172.1.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UPf78d2eef-b424-11ec-a461-02c4a1bc5354
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: H2
Server: 167.172.1.14 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
content-length: 0

Redirect headers

location: https://e.serverbid.com/udb/9969/sync/i.gif?partnerId=29&userId=UPf78d2eef-b424-11ec-a461-02c4a1bc5354
date: Mon, 04 Apr 2022 14:39:02 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

us.gif
sync.go.sonobi.com/ Frame 1C77
Redirect Chain

https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dco%26nuid%3D
https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-0f8574af-8540-4539-bcf9-99d2fa4be766

49 B
509 B

12ms
12ms

Image
image/gif

178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-0f8574af-8540-4539-bcf9-99d2fa4be766

Requested by

Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Protocol

HTTP/1.1

Server

178.162.133.149 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:02 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: image/gif
Content-Length: 49
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://sync.go.sonobi.com/us.gif?nw=co&nuid=ue1-sb1-0f8574af-8540-4539-bcf9-99d2fa4be766
cache-control: no-cache
content-length: 0

GET
H/1.1

200
OK

56939
i6.liadm.com/s/ Frame 1C77
Redirect Chain

https://e.serverbid.com/udb/9969/match?redir=https%3A%2F%2Fi.liadm.com%2Fs%2F56939%3Fbidder_id%3D203802%26bidder_uuid%3D
https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-0f8574af-8540-4539-bcf9-99d2fa4be766
https://i.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-0f8574af-8540-4539-bcf9-99d2fa4be766&_li_chk=true&previous_uuid=a4c5ce24128546f49abe57cb9e6dd515
https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-0f8574af-8540-4539-bcf9-99d2fa4be766

43 B
419 B

289ms
94ms

Image
image/gif

2600:1f18:444a:4680:5b76:7408:bdd4:1592
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-0f8574af-8540-4539-bcf9-99d2fa4be766

Requested by

Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Protocol

HTTP/1.1

Server

2600:1f18:444a:4680:5b76:7408:bdd4:1592 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:39:03 GMT
Cache-Control: no-store
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/56939?bidder_id=203802&bidder_uuid=ue1-sb1-0f8574af-8540-4539-bcf9-99d2fa4be766
Date: Mon, 04 Apr 2022 14:39:02 GMT
Connection: keep-alive
Content-Length: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame AE3D 0
239 B 12ms
12ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=L1KTIRQQ-H-AFJR
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 611afce88997db6fdd35eb213e662871
Content-Type: image/gif

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame FB07 32 KB
10 KB 8ms
7ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 1119f39b46f15ecba4131ef36fa1019b2501d56883ad704f0bfc9034b57987dc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=17632&endpoint=us-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 14:39:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=81990
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9539
Expires: Tue, 05 Apr 2022 13:25:32 GMT

GET
H/1.1 204
No Content sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame FB07 0
239 B 385ms
94ms Image
image/gif 69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=17632&khaos=L1KTIRQQ-H-AFJR
Requested by: Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
URL: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 84e0f527cd81a00b0210e20b4ee7ed94
Content-Type: image/gif

POST
H/1.1 200
OK st Show response
capi-tier-2-us-east-2.connatix.com/tr/ Frame DA43 0
315 B 109ms
107ms XHR
application/x-protobuf 18.118.192.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://capi-tier-2-us-east-2.connatix.com/tr/st?v=157383
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.118.192.126 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-118-192-126.us-east-2.compute.amazonaws.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 04 Apr 2022 14:39:02 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/x-protobuf
access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 20

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 58B4 0
741 B 8ms
8ms Script
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 14:39:03 GMT
X-Proxy-Origin: 217.64.151.9; 217.64.151.9; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 7c32dcba-0f6a-4fae-8056-940fdc371e4a
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEE8pRLmk4WcahdGNEGWrncI&google_cver=1&google_push=AYg5qPJYxmti126FpO7FtD0oYh5bXeDGMEKeUMv_QkvjwzW-faGM96O7ds9MS8f2Fu1Jag8F8pEwQzrgbmG131awQnmjqEBcKvU0bg

Domain: sync.1rx.io
URL: https://sync.1rx.io/usersync2/floor6?zcc=1&cb=1649083142311

Verdicts & Comments Add Verdict or Comment

417 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

116 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.3lift.com/sync	1970-01-20 04:14:19	Name: sync Value: CgoIoQEQxZ-PqP8vCgoIgQIQxZ-PqP8vCgoI4gEQxZ-PqP8vCgoI5gEQxZ-PqP8vCgoIhwIQxZ-PqP8vCgkICRDFn4-o_y8KCQg6EMWfj6j_LwoJCAsQxZ-PqP8vCgoIjAIQxZ-PqP8vCgkIXxDFn4-o_y8=
i.liadm.com/s	1970-01-20 02:47:55	Name: _li_ss Value: MgkI_____wcQ_BE
.threatpost.com/	1970-01-20 02:04:44	Name: _cs_mk Value: 0.8148885117554892_1649083136449
.demdex.net/	1970-01-20 06:23:55	Name: demdex Value: 31216196506237851593199361533659695829
.threatpost.com/	1969-12-31 23:59:59	Name: AMCVS_983502BE532960BE0A490D4C%40AdobeOrg Value: 1
.everesttech.net/	1970-01-20 10:50:19	Name: everest_g_v2 Value: g_surferid~YksC-wAAAHsVCAQA
.threatpost.com/	1970-01-20 02:06:09	Name: _gid Value: GA1.2.1122971549.1649083137
.threatpost.com/	1970-01-20 02:04:43	Name: _gat_UA-35676203-21 Value: 1
.dpm.demdex.net/	1970-01-20 06:23:55	Name: dpm Value: 31216196506237851593199361533659695829
.threatpost.com/	1970-01-20 19:37:21	Name: AMCV_983502BE532960BE0A490D4C%40AdobeOrg Value: 1585540135%7CMCIDTS%7C19087%7CMCMID%7C26686259351274717732467004971664565391%7CMCAAMLH-1649687936%7C6%7CMCAAMB-1649687936%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1649090337s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19094%7CvVersion%7C4.4.0
.t.co/	1970-01-20 19:35:55	Name: muc_ads Value: d2c5ac53-e472-4167-aa58-8eebbc689c81
threatpost.com/	1970-01-20 02:47:55	Name: _pbjs_userid_consent_data Value: 6683316680106290
.quantserve.com/	1970-01-20 11:34:57	Name: mc Value: 624b0300-42ab3-a9345-9f597
.threatpost.com/	1970-01-20 11:29:11	Name: __qca Value: P0-1596131302-1649083137136
.adnxs.com/	1970-01-20 04:14:19	Name: uuid2 Value: 7017324650599299232
.lijit.com/	1970-01-20 10:50:19	Name: ljtrtb Value: eJyrrgUAAXUA%2BQ%3D%3D
.lijit.com/	1970-01-20 10:50:19	Name: ljt_reader Value: a6a0b6e82264d0d69e00062c
.rubiconproject.com/	1970-01-20 10:50:19	Name: khaos Value: L1KTIRQQ-H-AFJR
.rubiconproject.com/	1970-01-20 10:50:19	Name: audit Value: 1\|naVuGyos1qr6J7hzgrljOTpcd3HBZZ775PzI6EyVJjlVAthPpLFZy8KMgZEbgD+nb05ecXDiI+jhlI2uKWkDtsxuhZpbWKLtINWY3Pa16NE=
.openx.net/	1970-01-20 10:50:19	Name: i Value: bde57177-fe26-48ea-875c-bc19c9ee6851\|1649083136
threatpost.com/	1970-01-20 10:50:19	Name: usprivacy Value: 1---
e.serverbid.com/	1970-01-20 10:50:19	Name: azk Value: ue1-sb1-0f8574af-8540-4539-bcf9-99d2fa4be766
.threatpost.com/	1970-01-20 06:23:55	Name: _pubcid Value: 6dc6ccdc-9eb2-4f7b-9175-c5016f7dc86a
.threatpost.com/	1970-01-20 02:04:43	Name: _gat_UA-63997723-2 Value: 1
threatpost.com/	1970-01-21 02:04:43	Name: CookieConsent Value: {stamp:1603931084=='\|Cnecessary:true\|Cpreferences:true\|Cstatistics:true\|Cmarketing:true\|Cver:1\|Cutc:103336164\|Cregion:'not_gdpr'}
prebid.a-mo.net/	1970-01-20 10:50:19	Name: __amc Value: 2_1649083136_1649083136
.threatpost.com/	1970-01-20 04:14:19	Name: _gcl_au Value: 1.1.457431537.1649083138
.threatpost.com/	1970-01-20 19:35:55	Name: _ga_YP1JLG57CH Value: GS1.1.1649083138.1.0.1649083138.0
.threatpost.com/	1970-01-20 19:35:55	Name: _ga Value: GA1.1.414288784.1649083137
.linkedin.com/	1970-01-20 02:47:55	Name: UserMatchHistory Value: AQJp_j5aQ9MqxwAAAX_1A7ygUJF3I4ppysM-9ai4iBoSM7_l-QN9RPtrZwOuq_tVpHeKXBnG-tZFbQ
.linkedin.com/	1970-01-20 02:47:55	Name: AnalyticsSyncHistory Value: AQJ5iKFOjixztwAAAX_1A7ygaVj8DEA8uYslFnarBvz1LZgRiwuLYXJJUAH5FxbTZTFMmpb-T3XuGTKXZwF2tA
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 19:36:36	Name: bcookie Value: "v=2&b91d9b62-21b2-4ae1-8e34-b7bd5f6a6a45"
.linkedin.com/	1970-01-20 02:06:09	Name: lidc Value: "b=OGST08:s=O:r=O:a=O:p=O:g=2277:u=1:x=1:i=1649083137:t=1649169537:v=2:sig=AQHblsUYiuGHSJHsTZAAX5apeH0xvl4K"
.threatpost.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 19:36:36	Name: bscookie Value: "v=1&2022040414385751478d34-94ba-48c2-8244-983c02ca5b66AQHNQt77nsRxgxtQnyvZtydyldeAUEVZ"
.linkedin.com/	1970-01-20 19:27:44	Name: li_gc Value: MTswOzE2NDkwODMxMzc7MjswMjE7Om+rhLXepP4OjQZhwiiiJKR/Q6P7125fl9PcNPfSIA==
.adnxs.com/	1970-01-20 04:14:19	Name: icu Value: ChgIzLJhEAoYAiACKAIwgYaskgY4AkACSAIQgYaskgYYAQ..
.doubleclick.net/	1970-01-20 11:26:19	Name: IDE Value: AHWqTUnB5zr2hXu_RjceJc8JDxOGHigiMiMeX07OIlg8UMSBs6A380qxdw0wAgTvHa4
.casalemedia.com/	1970-01-20 04:14:19	Name: CMPS Value: 5203
.adnxs.com/	1970-01-20 04:14:19	Name: anj Value: dTM7k!M41.D>6NRF']wIg2HbXJ*8R?!1yIE`fS1ueD1W-044)d+]UfqB:vbhpX4UcUy=xsH2@fW-L+WX2)zdUEjPV=9RFMZ9T5_m!x'i3)G$Ty
.casalemedia.com/	1970-01-20 10:50:19	Name: CMID Value: YksDBIYFreWLoXXsueWyFAAA
.threatpost.com/	1970-01-20 11:26:19	Name: __gads Value: ID=155ab87f274ca756-2260f1f86ccd002f:T=1649083137:RT=1649083139:S=ALNI_MY_Tk339eMSL2Sc_Dw8LTKDxah-ew
.casalemedia.com/	1970-01-20 04:14:19	Name: CMPRO Value: 1185
.mathtag.com/	1970-01-20 11:30:38	Name: uuid Value: 613a624b-0304-4300-ab1f-1c2ce15bc642
.threatpost.com/	1970-01-20 11:26:19	Name: cto_bundle Value: w4pJFl9Zckp2WHlLMWpYVHBPUmVrSndoY1Zqa2dRWllxWVg2Y3pybTVsdzBrZ2g1QzdVb2o2RGVtJTJCUHNVV0NPM2lsQU9XZ3d6MSUyRmlsZ3MzMzFJdU5DSmFVRVolMkY0THB2TGVsUHRKT1RYYXBHQnNjdHpYcVNTT1F5MkU2bU54VXhuSEElMkY2
.threatpost.com/	1970-01-20 11:26:19	Name: cto_bidid Value: TLbru192bzA4MVBodEVOY1JmZlJOWSUyQjY3MEZpanphaG5xM1QyUUFvUDlkVVljZzlzREFLVWo1RDA3R3JzTGJaSE1WdzJPJTJCYzVRQmtKb1RVQzNUWDFZcGR5cnclM0QlM0Q
.adform.net/	1970-01-20 02:47:55	Name: C Value: 1
.adform.net/	1970-01-20 03:31:07	Name: uid Value: 2816406467213944867
.doubleclick.net/	1970-01-20 02:04:46	Name: DSID Value: NO_DATA
.advertising.com/	1970-01-20 10:51:45	Name: APID Value: UPf78d2eef-b424-11ec-a461-02c4a1bc5354
.spotxchange.com/	1970-01-20 10:50:23	Name: audience Value: f7901c53-b424-11ec-ad3a-14604df00306
.quantserve.com/	1970-01-20 04:14:19	Name: d Value: EBQBDwHpJYEPisMA
.yahoo.com/	1970-01-20 10:50:40	Name: A3 Value: d=AQABBAQDS2ICEICh_23pZ4NVsdzQlizkdcsFEgEBAQFUTGJUYgAAAAAA_eMAAA&S=AQAAAsoBvD717S2UehkFbFAxwA8
.pubmatic.com/	1970-01-20 02:06:09	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 04:14:19	Name: KADUSERCOOKIE Value: C0F34DE8-7C04-4704-B88B-4D560D97F021
.innovid.com/	1970-01-20 04:14:19	Name: uuid Value: a89b8322-481e-4703-9ca4-d5d4786308cf-20220404 10:39:00
.3lift.com/	1970-01-20 04:14:19	Name: tluid Value: 3033533032647643286625
.openx.net/	1970-01-20 02:26:19	Name: pd Value: v2\|1649083140.2\|kiiygevNgun0.gqsLommOnsgi
.w55c.net/	1970-01-20 11:33:31	Name: wfivefivec Value: bbCHfU671NBnRc5
.w55c.net/	1970-01-20 02:47:55	Name: matchopenx Value: 5
.bidswitch.net/	1970-01-20 10:50:19	Name: tuuid Value: c3a5455c-a691-4fce-9c0d-6ef0dd768474
.bidswitch.net/	1970-01-20 10:50:19	Name: c Value: 1649083142
.bidswitch.net/	1970-01-20 10:50:19	Name: tuuid_lu Value: 1649083142
.casalemedia.com/	1970-01-20 02:06:09	Name: CMST Value: YksDBGJLAwYA
.bing.com/	1970-01-20 11:26:19	Name: MUID Value: 0AC5BA8DACD264F216F2ABF1ADB965C5
.servenobid.com/	1970-01-20 02:14:47	Name: pid_312 Value: 7017324650599299232
.servenobid.com/	1970-01-20 02:14:47	Name: pid_337 Value: y-lCoAacdE2uF4PIgXxua2mm2GZg8zplVkLldCi78-~A
.lijit.com/	1970-01-20 10:50:19	Name: _ljtrtb_273657 Value: 273657
.servenobid.com/	1970-01-20 02:14:47	Name: pid_333 Value: YksDBIYFreWLoXXsueWyFAAABKEAAAIB
.gumgum.com/	1970-01-20 10:50:19	Name: vst Value: e_726c0f2d-36ea-41a4-b055-fd32f5107dfb
.rfihub.com/	1970-01-20 11:26:19	Name: eud Value: H4sIAAAAAAAAADslzmtoZmJpYGFsaGJkZG4IABpgvekQAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjU0MTCwMLE0MjA2tbQwMzE0NRTiM9S1MDLwyUz3NjX2DwgDAOGSivolAAAA
.rfihub.com/	1970-01-20 11:26:19	Name: rud Value: H4sIAAAAAAAAAOMSNjU0MTCwMLE0MjA2tbQwMzE0NRTiM9S1MDLwyUz3NjX2DwiT4jU0M7E0sDA2NDEyMjcEAFHHiS00AAAA
.servenobid.com/	1970-01-20 02:14:47	Name: pid_310 Value: a6a0b6e82264d0d69e00062c
.a-mo.net/	1970-01-20 10:50:19	Name: amuid2 Value: 205df589-d6b1-4bcd-9246-27c517b23db5
.smartadserver.com/	1970-01-20 11:34:57	Name: pid Value: 7962931321991229201
.servenobid.com/	1970-01-20 02:14:47	Name: pid_324 Value: 5140084920359864151
.bidr.io/	1970-01-20 11:33:16	Name: bito Value: AAFPUE7ElgYAADYXNZDlzg
.bidr.io/	1970-01-20 11:33:16	Name: bitoIsSecure Value: ok
.servenobid.com/	1970-01-20 02:14:47	Name: pid_309 Value: e_726c0f2d-36ea-41a4-b055-fd32f5107dfb
.servenobid.com/	1970-01-20 02:14:47	Name: pid_327 Value: 205df589-d6b1-4bcd-9246-27c517b23db5
.servenobid.com/	1970-01-20 02:14:47	Name: pid_317 Value: 7962931321991229201
.creativecdn.com/	1970-01-20 10:50:19	Name: u Value: utWF8ZYrCiZqaPlmyHE5
.creativecdn.com/	1970-01-20 10:50:19	Name: ts Value: 1649083142
.brand-display.com/	1970-01-20 19:35:55	Name: _knxq_ Value: de245464-ce81-a966-9bb8442d.1649083142.0.1649083142.1649083142
.emxdgt.com/	1970-01-20 02:47:55	Name: euid Value: 201261649083142371530f1
.adsrvr.org/	1970-01-20 10:50:19	Name: TDID Value: 7f0abd6a-1fa3-418c-99fb-344c195a3f4e
.adsrvr.org/	1970-01-20 10:50:19	Name: TDCPM Value: CAEYBSABKAIyCwj8qsL98pTLOhAFOAE.
.emxdgt.com/	1970-01-20 02:47:55	Name: eapn_id Value: 7017324650599299232
.360yield.com/	1970-01-20 04:14:19	Name: tuuid Value: bf8628ed-a1d0-44a5-b84c-83296fb9e707
.360yield.com/	1970-01-20 04:14:19	Name: tuuid_lu Value: 1649083142
.pubmatic.com/	1970-01-20 02:47:55	Name: KRTBCOOKIE_699 Value: 22727-AAFPUE7ElgYAADYXNZDlzg
.pubmatic.com/	1970-01-20 02:47:55	Name: PugT Value: 1649083140
.pubmatic.com/	1970-01-20 04:14:19	Name: PUBMDCID Value: 3
.casalemedia.com/	1970-01-20 10:50:19	Name: CMRUM3 Value: be624b030605a0&27624b03060b40&f1624b030605a0&2d624b03042760CAESEMEf7dQG7ol9Py0mOaf-1Dg&1a624b030605a0&bf624b03062760de245464-ce81-a966-9bb8442d&e6624b03062760&ce624b030605a0&49624b030605a0
.analytics.yahoo.com/	1970-01-20 10:50:19	Name: IDSYNC Value: "1762~2452:196n~2452:17ot~2452"
.tidaltv.com/	1970-01-20 10:50:19	Name: tidal_ttid Value: 7b76632d-07ae-438d-9b72-94ecb3d98783
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB5G Value: s568\|YksDC
.tidaltv.com/	1970-01-20 10:50:19	Name: sync-his Value: "H4sIAAAAAAAAADM0NjA3tzI0NgMAuwXy9wkAAAA="
.smartadserver.com/	1970-01-20 11:34:57	Name: csync Value: 22:2816406467213944867\|96:7b76632d-07ae-438d-9b72-94ecb3d98783
.technoratimedia.com/	1970-01-21 21:52:43	Name: tads_uid Value: GDPR
pool.admedo.com/	1970-01-20 10:50:19	Name: tuuid Value: 48291d83-92ba-493f-9864-fc0a78520a54
pool.admedo.com/	1970-01-20 10:50:19	Name: c Value: 1649083142
pool.admedo.com/	1970-01-20 10:50:19	Name: tuuid_lu Value: 1649083142
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: b8a8b2b4ad92928d
.outbrain.com/	1970-01-20 04:14:19	Name: obuid Value: 94807b16-5549-4516-adea-3b86b2a7cb67
sync.srv.stackadapt.com/	1970-01-20 10:50:19	Name: sa-user-id Value: s%3A0-bff119f1-decd-411d-6f93-4e2d7044401d.f444YKTeR2o8SFR%2BcrGhifp71qitTDLfgjluegZTYCc
.srv.stackadapt.com/	1970-01-20 10:50:19	Name: sa-user-id-v2 Value: s%3Av_EZ8d7NQR1vk04tcERAHdlAlwk.GphVjEwB6weqA9F%2FTB2scOUqvOSoQFkfCJJA2Gl1eBw
.ipredictive.com/	1970-01-20 10:50:19	Name: cu Value: f8bab27a-b424-11ec-b297-832d259745f8\|1649083142645
.zemanta.com/	1970-01-20 10:50:19	Name: zuid Value: Wvnl_dgpV09Y7gTjL88H
.amazon-adsystem.com/	1970-01-20 08:36:23	Name: ad-id Value: A_vyL5Wby0SamNWvwsX7bHI
.amazon-adsystem.com/	1970-01-22 00:00:52	Name: ad-privacy Value: 0
.liadm.com/	1970-01-20 19:35:55	Name: lidid Value: a4c5ce24-1285-46f4-9abe-57cb9e6dd515
.servenobid.com/	1970-01-20 02:14:47	Name: pid_321 Value: OPTOUT

36 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=c4180631-1416-4ef7-ba24-0ab8a465c747&tw_document_href=https%3A%2F%2Fthreatpost.com%2Flog4jshell-swarm-vmware-servers-miners-backdoors%2F179142%2F&tpx_cb=twttr.conversion.loadPixels Message: Failed to load resource: the server responded with a status of 403 ()
javascript	warning	URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
network	error	URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEE8pRLmk4WcahdGNEGWrncI&google_cver=1&google_push=AYg5qPJYxmti126FpO7FtD0oYh5bXeDGMEKeUMv_QkvjwzW-faGM96O7ds9MS8f2Fu1Jag8F8pEwQzrgbmG131awQnmjqEBcKvU0bg Message: Failed to load resource: net::ERR_ADDRESS_UNREACHABLE
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YksDBIYFreWLoXXsueWyFAAABKEAAAIB&google_push=AYg5qPLGNnbr327Hcng8ebqIcEzkEKshwskFvAgr5WMB0DXii6ZDP8gQ7mHCWasIrOLAi8YjtCFsq0Aoq6BlGojEnHGG6Sgvrlad&google_cver=1&google_gid=CAESEDlzhL3FvnFQneeYBa7tuOU Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://js-sec.indexww.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
network	error	URL: https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
network	error	URL: https://id.rlcdn.com/709414.gif Message: Failed to load resource: the server responded with a status of 451 ()
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
security	error	URL: https://qd.admetricspro.com/js/threatpost/uspcmp.js(Line 7) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://threatpost.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
javascript	warning	URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-900italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300italic-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://threatpost.com/log4jshell-swarm-vmware-servers-miners-backdoors/179142/ Message: The resource https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1ced603558d32ff8daab628b9496aafa.safeframe.googlesyndication.com
9582686.fls.doubleclick.net
acdn.adnxs.com
ad.360yield.com
ads.pubmatic.com
ads.servenobid.com
ads.yahoo.com
adservice.google.com
adservice.google.de
ag.innovid.com
analytics.twitter.com
ap.lijit.com
assets.threatpost.com
b1sync.zemanta.com
bh.contextweb.com
btlr.sharethrough.com
c.amazon-adsystem.com
c.bing.com
c1.adform.net
c2shb.pubgw.yahoo.com
c2shb.ssp.yahoo.com
capi-tier-2-us-east-2.connatix.com
capi.connatix.com
cd.connatix.com
cdn.id5-sync.com
cds.connatix.com
ce.lijit.com
cm.everesttech.net
cm.g.doubleclick.net
cms.quantserve.com
code.createjs.com
creativecdn.com
cs-server-s2s.yellowblue.io
cs.emxdgt.com
dmp.brand-display.com
dpm.demdex.net
dsum-sec.casalemedia.com
dsum.casalemedia.com
e.serverbid.com
eb2.3lift.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
g2.gumgum.com
geo.ipify.org
gift-connect-d.openx.net
go.sonobi.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
googlecm.hit.gemius.pl
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.liadm.com
i6.liadm.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
image2.pubmatic.com
image6.pubmatic.com
imasdk.googleapis.com
img.connatix.com
ins.connatix.com
js-sec.indexww.com
kaspersky.d3.sc.omtrdc.net
kaspersky.demdex.net
kasperskycontenthub.com
lit.connatix.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
media.kaspersky.com
media.threatpost.com
mp.4dex.io
mug.criteo.com
odr.mookie1.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-us-east.rubiconproject.com
pixel.33across.com
pixel.advertising.com
pixel.quantserve.com
pixel.rubiconproject.com
pm.w55c.net
pool.admedo.com
pr-bh.ybp.yahoo.com
prebid.a-mo.net
public.servenobid.com
px.ads.linkedin.com
px4.ads.linkedin.com
qd.admetricspro.com
rtb-csync.smartadserver.com
rtb.gumgum.com
rtb.openx.net
rules.quantcount.com
s.amazon-adsystem.com
s0.2mdn.net
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
secure.cdn.fastclick.net
secure.quantserve.com
securepubads.g.doubleclick.net
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
snap.licdn.com
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
stags.bluekai.com
static.ads-twitter.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.search.spotxchange.com
sync.serverbid.com
sync.srv.stackadapt.com
sync.taboola.com
sync.teads.tv
sync.technoratimedia.com
sync.tidaltv.com
t.co
tag.1rx.io
tagan.adlightning.com
teachingaids-d.openx.net
tg.socdm.com
threatpost.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
u.openx.net
ups.analytics.yahoo.com
us-u.openx.net
usersync.gumgum.com
vid.connatix.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
x.bidswitch.net
cm.g.doubleclick.net
googlecm.hit.gemius.pl
sync.1rx.io
104.109.78.125
104.111.215.191
104.111.242.245
104.244.42.197
104.244.42.67
108.157.4.6
124.146.215.44
13.107.42.14
141.226.228.48
141.95.99.207
142.250.185.166
142.250.185.226
145.40.89.200
15.188.95.229
150.136.156.92
151.101.130.137
151.101.2.137
151.101.2.49
167.172.1.14
169.197.150.7
172.217.18.98
178.128.135.80
178.162.133.148
178.162.133.149
178.250.2.146
18.118.192.126
18.156.195.47
18.184.26.136
18.193.246.175
18.193.253.159
18.195.155.181
184.31.84.150
185.184.8.90
185.29.132.241
185.64.189.110
185.64.189.112
185.64.190.78
185.85.15.31
185.86.139.114
185.86.139.94
185.94.180.125
193.0.160.129
198.148.27.139
199.232.136.157
2.19.35.65
205.185.216.10
209.54.176.128
213.19.147.42
213.19.147.44
216.52.2.19
216.52.2.48
23.206.210.112
2600:1f18:444a:4680:5b76:7408:bdd4:1592
2600:9000:2057:1c00:2:9275:3d40:93a1
2600:9000:214f:6800:0:5c46:4f40:93a1
2600:9000:2315:a400:6:44e3:f8c0:93a1
2602:803:c003:200::21
2606:4700:20::681a:9a9
2606:4700:3030::ac43:cf70
2606:4700::6812:272
2620:116:800d:21:ee05:6a01:4b41:8c89
2620:1ec:21::14
2620:1ec:bdf::44
2620:1ec:c11::200
2a00:1288:80:807::1
2a00:1450:4001:800::2008
2a00:1450:4001:801::2003
2a00:1450:4001:803::2001
2a00:1450:4001:803::2002
2a00:1450:4001:803::2003
2a00:1450:4001:80f::200a
2a00:1450:4001:810::200e
2a00:1450:4001:827::2004
2a00:1450:4001:828::200a
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2006
2a00:1450:400c:c0c::9d
2a02:2638::1c
2a02:26f0:3500:11::215:14dc
2a02:26f0:3500:7::17d8:4dd2
2a05:d018:24:b001:8602:c81a:97ba:276d
2a05:d018:d29:3605:94f3:d01d:495a:dfd0
2a05:d01c:1d8:8100:8701:aae2:1118:ca9
3.122.211.253
3.126.56.137
3.211.160.95
3.224.178.199
34.111.151.213
34.241.76.6
34.248.76.8
34.98.67.61
35.157.246.167
35.173.160.135
35.186.253.211
35.210.53.219
35.244.159.8
35.244.174.68
35.71.131.137
37.157.4.29
37.252.172.123
37.252.172.37
46.105.202.126
50.31.142.127
51.38.120.206
52.16.57.45
52.19.107.252
52.49.96.153
52.51.88.158
52.58.249.203
54.144.85.208
54.146.66.83
54.77.108.6
64.140.160.2
64.202.112.223
65.9.62.173
67.202.105.22
69.173.144.139
69.173.151.100
69.192.160.186
69.192.160.199
69.192.160.245
76.223.111.18
99.80.41.206
0245fcaaea90df2254a2b2f54f45f68f97ec0ec811148008f2ecbcec49286472
03017a7aab8674379b497b5937709b397d8f2353fbbe9af6e5b698ed8d7dca89
038fc4d49a9191d416d49841f371b6e0b06bb40f719124099d40fe8f393b9e2c
03cc687f0c8a2d1694e509b91fcd6c62c0fbdbdbdb850b8007b8052f649c7f77
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7
084885652dacd1b70a7979e7631caa6fe5985a5c1b872c28dd890d9ea39cec3d
0849eef021b381cb3f64d424bdd29839513dbb4e964aef0420136906426a18de
085f299301d3258baf25d3cdaf1ff539b13a00169b765b1c8abaabc5fe353d2b
0ab6b9e585cc580fc78f02c7b386bb1746e76696bc899bee0c53ce0b829f13be
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
0fca399725097b7fcdd5557a0afba2a2cb92522e97d1c5932ccb3550c04f6220
1119f39b46f15ecba4131ef36fa1019b2501d56883ad704f0bfc9034b57987dc
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13c4f723ff4f8b5aa306147c28f106786fc96ed76d50d044e1cec29c6ca89628
1791bf831c158912a11ca40bcf5f3573fc54ec8f8343c37780dab679c0203d63
17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1981e4a4a37164092a6ace169ea16b64ee73e21015cb0e23646905a7e17b61a2
1a125096dce20357e3049f8166f66af69a0e57f5f802696000ab095613703e8f
1ae61ed61290f9bf2619f52667aafa622c805072c75765025f0b61a23862005f
1aeb3ee07f4b462935c5d8047ff038c8e279d75f9be1dcd0b848ba68223a3ee2
1d3e8cac42691c9cb0fe2ce27b4f2ede67bf7ff24d4d60783aa84e497f4ced10
1d5a65e5129df0b4c89e73f205c6cb89cba0cd1d8e21a1512ca76b769634052d
1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726
1e75cc0ac5751e2b840929379d0aaa51c843e75a328587d5dddf0a28d7e29087
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
1f3d8b57f69b73694c38ba6bbf8ddc46c8a5e52db401795fa8ab80643e14236d
20705cd7eabc01af8518d61a3c1e878d5c49d89465892c1d2909615a6be13d95
20c0569955e76587d3ea93366b1a031879abe919165e51170a378497fd2d8473
215f500ae1db630213530e7682c7bc7c64a72a85b8e3e51c9b56a97436d9e05e
22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90
22e56b7e66a75203914f5f0cb9cf1c4e95c065f101ace2189cc31de2da60f61e
238061d07939050aa57e683993b5cb59c2c55eb278f6841bd44ea9082d2f4ae1
2416bc49716c605ad1ab699eeadf99555e5f30e9fb7fa0b63fcd4ae4ccbb6712
2828f2192998668aba04c5106a913fb7aa7478e20763090983f385584a168794
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2a647d79b31b4b19f30c795aac862bcf5b424731c732e239775127b8ac4aae0a
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d
30194d68a2580c8ac7f9838a7e8e467518df1263859fca74c77143a99ac560a2
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3320325f92bba32a6afd320f235eadaf65b7a4d96f67141f720aa9846a73320a
3373dca69883fd4d5298c955d822359a23e9c3658b63e06b483e251c10024f21
337ee726cff06c3298952e9e614ac81cadd6c5542680480fde8085a3cfb3d635
3788f6d78d3779c5cb9799b5a5194c8e4f56de10b3c7cc962dd4ff56a006c076
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
37de906a61c6adaa1c8a5ffbc5c92eb0f93d07365600bc8adb72530ac38fb93b
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a
3b9d39edb2591de65a095117689dd79effa44a7cf3e0a594d01c978b2f05d00e
3bb2621a4c0c710f6e78404473aebff8e115a28f8d53f44339b867c63ad93b26
3bedf93856446850d871835522e658c72be46c0acc9cdc84b88d0ab14206d400
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3ef5bfd224e0baa902eb88c94979cfaeccf2169a996c601fa3de4c3f3b33da01
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40692d1435a1bcb1ae63668f273ccb2f80f9180ea8351014a76ceaccb15f92c9
41f047950d4db7e04d250ebe65613aaaf482546a855d9321d1536ecb8ab6cccf
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44a8cce8245ffbf3521f20a0b4bc806ba35141e62483e48d5be7c6222a9b3ca9
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7
4658e1122a2190db712f6731d3e8c14b027f0a42bd7c1333b11d272f8e9ea3fd
47b9ac2415309fb294d7e9c67dee101e9b7300bb6e3d20be0dc70ca2b0f818fd
4823c011e4b4cb4b7f35ced3ab09d57215ee243676d9bfcc24d10ec77d3db398
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4940ff7a15d8c00de5bd62664e5924c2132da2d683275b2565eb88ced63b9442
49527660dc4019ed37886618914c14d12f17feecac844e0c3e9979f553340977
4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4d52f37b83f70c5035632548c652508d793eec55e17f2ac19552f4fa19d323be
4d94a0f51bade076fa154e469f12563fcee377fd94d79ca6d080d231e0e8b1d1
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4dc6f0b467dc11bb082e80e8c97f396534088eab6972158c85fbd454191f6517
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e0b5563ff1fc5175d65e11e1546bee1945486d65d76c9248bdd77487532dadf
500288356853c7199a27a6a2cdcd14b217d18dd9c8103272d8e6def6acbe2580
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70
519815bc4a3dd9a571cb56f57c7c6abfbda2b4e2de8c4b884a7535a1705438f2
53f6440548312e912300ca5fafa1cba39283dca8ba7c84e4a6a8ace656b95adb
546be401414bcb20cdea07cdbcd806409b9629e4895737e214401948c40409f3
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5907f9f9088c6415240908ea614d81cc4a2ae5e47a420ce07c3bf2fbc24913d5
5a30f03018680346c0ead70e1055a0f0c511017488f3c900ef491481073faf29
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf
5a95f70525680f77a69bb4968a2ca81edf332895b85d6a6b1b978911a2c04fe4
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d5cf5a4a5b7c02915bc261dca0c755d29beda0c0c3a005c78c1682c9934bb3c
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62cbf085d014439b719c84c3d2f3222fde66e299c2da1b41dfc4dbb315db0456
6493fe707262fb8d9bc0e4d487e319fc9ebe7de26ebe7e3b4f58a5d17f03a9ea
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
68cc26362c0cc4baa161311ed8f92a440624b120f844cecef402a4c7f94bf39d
68cdaaeccd079ab33df06d3e5fb47594a4458a6491d48a8ae2f394defb419eb5
693c8b61667ac94847264924178702a190c5113b41b82085dad0641f89e3f864
69445fd8e1a8e96fc098b81f84d19b23cb88621fbc780e7dc24d0f6b3ae5bd80
69f0ade8cca67112ef495f707fb73c68fd5099a6cd9c51d9ba9ceda8dcca16f7
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b1bb389b13a881a2cefef04679293b420d442949428cb6fe32a876324fdf5d3
6c8e343da3b15a6a26e0367b83d1c97813863ea6e6a905bd9e69870bb0a0ebd0
6cf82c00ca4ccf23966e75cefbe4272931a5c6f510b5b34624f8344bbcb8c314
6e6377776a1104aed9b11142115b22dcaad3cf78ae76d255e454b04b7189af32
70932860c9e56c4ca18e5d29db92f65da71009e1104a37a4a343b3fa64b47757
7104f88840a420f1702717d900db98910deb6141ad639bb7338b88993e989c72
7180adf0c569f2c819febe58fb649a174e44a190573cbd99b898855e05db3abc
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658
739ab1cbd5fc795c806cfbc012e937834a1d566f02ed72ff02af2700c0629eb4
73fb5c187e71eaafae15c31f112eb99b27df61d841675fc8ca511397d202629e
765667af64d7879de1359c56a6863185971cf659169b0696e319c3b03ee58e1f
76ea50bbd29329093f4c8660b35cde7979479f9955b83d01de4a6fcba4b29246
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf
7e75ade51afcae47ec8dedc46bd50962ebb58b46638a69951f1f494c5052fe14
7ef42b5e13f85ed1b99488c6c327b8ec64dbc16717bef6afcbc4700fae9fc5f9
7fd9983a3429d6ead1f66bf933770f9b790818b189e39ff0f2a0d3f590bbf67b
8015a89c7e50b71a6597cfc7bc2be462212ae1f57c37e40878a79e7550768ccd
81eaa5d9b1f83abaa624c33145a0a8c68ea6d9641ab0a5fadcbf8a6f7896a625
823068b6b6a39cad32cf89edbec0d116531302e077b701ef7837ae95d6873d64
8278f3722ee191b87c680476060d23d0f76882f68ebe9a1e717740134016ff6a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb
87929a1146516d3b5c8cfa96d0a4b8cd67a36b9449d59052c6070264d7ab3ed7
88f81c0088519df10ba4eb33bb2141097a0cd0876d0f10cd815b9f2d27356de8
890aecaa78acf1904801547188563d78ab826d99308c85e5917cac87f8d5426e
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09
8ed6970579208c26987ce61a881ac26f859bf1363413f8ce36801ec83309a34a
8edaef698e025c37ba9e8d632a895d7252c62251df3f095d5cff17b6f3304854
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
8fb4a4f4521a94032afdb851a8612f898a1e8a40705d06df03ddfa932d3ca274
92196319bc96170f6cff0b1624b742ca1a6d898825c0b4c907e7b30186b1f9e4
9234d2c890762769f323b282340f0e5330107731a3e914788f841b71ba9401e6
927e16d837ac9f46ddb4a64c8fea1cbe39343902c91b14e11b484e9b01f98cdd
931dc539e87db7f509be9c77dfcc9b2baee0b91e5236aa04580ab14ed81e2cc0
9348552099a43c0139caafab45ef6413d7cefac6722387854ad3f360660fd2af
93eb07c110cb5ad90163c26468fbf7421062b3270835fd1da910ca41b44a3e06
9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc
97f5070aadd9475bb56a49a7bc1114e9fe1b992b55f2b227502f35f8bba71d74
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9bf299629ade28d230020a94cc540131e008b5957dde2899297a823a08289423
9e89048f0456e3b02cedb7cf76410b3576a32bad0f1cc024640f01e1339b3a71
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a07616f5cdcfac14fb5a498820ddad5c074cf1719e64f823523d5ebf7b047e13
a08acd55bb001aa85ced7f4f93a4a1446ca18a17689e872b59a9da81ebe0cd45
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952
a458687751e48d0f34909564714e7c6dd152c0bef1e10c7c78d3f0d8a2ba1b91
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a58d46d853c21c8e11eb057aba26dbeeb32041b51a61d4e2c3adc86c09c08704
a6a4133176a2643a5954bc282949de2990bb0822774de8e0bd808cd25b6ad1d7
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22
a9e95c148b83923d4e0e6669ff545b764d8538bb9afd47614317ed89101a798d
aa0992b4e17a3324d53313c014452f8636a4c6b1b84d3187886c386140911535
aa1194ff341222c7133515d0e57fb1290f686080fb44f38bf9cc788fa4b262bf
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
abfb1f15c2cb3df79d00d5c685c6840b8f5c91ecebb41650eacb4611aeff6071
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be
b0c35bcc511183abbaf158b20f6f4a85a54cf4353b4df88163dc9425d97e4ca6
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1ed25b06e9dc8a8fdf322a31ec753509f7f53a97907cb5048444d0c25361820
b1f863d13dbad7d5240f577a73b47b06227d218909259042da95301e2eb8be55
b4bd9be7e8b021afadcb6d6749c6ff09cfe2d3713d6402e421edf8ebc5991d24
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bbe4e4e4e847a32bd717d963f0ac04b619a7a9cdd631a7454d9dfec16fbae73f
bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25
bdfd60b477fc3a53026309cc91965dae061323c4a99562dabdd08831147528b2
bffba79cd4f0529125a5bded2bf76584d27649a277cce3e80570ca43cb364d6b
c0af5c7d6cc6f6093843f59f5a586e163a02964e681831a0c3177d9915d0a4c7
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c4b29aab3e26c527455e248cb532bf1a0a7023b1ac608a03b5a9119c9b447234
c8c03fd4dea0f2c83fa05b10dfd913bfcff51d05e0c6e84b7f340b857fdda517
ca2b7ad3d597f6421ce95bb02b8305c5675428fda90484ae183435edd5332f34
ca9d67fc22e8966185fe95ac01764a0e2ead5cdebf553b9edd03deb6f9f30761
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cb08bc8ff90970ab6deb7e8e6018bc5dc8b9b48fb2d795ca40a5f2e5aca8c490
cb2388cee00751f237d133d0d447e489f450c556a6f771bd736321d074d5c36a
ccc1eda3418d5a3df5e4ef7042aee8648102fe88b083b8837605630a13efc84e
cde2242cb02d31cae365dd484a1691692fa82047940f2347f595cae51bee0308
ced83ba438296fa3e9d92f901960a392c8b38fb43340f313075b4fabb7d5e3dc
d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d46128d6fba7c1ef2cf32e07d697f9e725364fde5814f51375e7b2abb30e2a64
d4c4215f41a4bb6f12e0d100854eecc6bc5c57ef23af0e945b8359d7727ae94e
d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060
d78fa11d49d6f5896519ee387440209a4ad363f68a816146c03b732b3fd45809
d87c3218ce6bd91cbb46b702bc1adf432c07dd519a00f54d9d9dfdcf4588ace5
d8bd1954d35c36441c577e571af12e327da0115465a35f85bca7f6976ad49dda
db626e69411c9185f599b3e50fcf3964089c039d05371d6dead8500c8afc2f25
dd5d3756923caa7a376d9113eac043aaf569150470c0128bf1a15d52a8a4ebdd
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
decfa0ac69afecc487e38943448723e14f986e53b62c0ad370dcd643329402d5
dff2681d8f5f16b61b464b599d7c62f61efe496b54a77044145495bc8cad36d0
e0f1df7af81fd8eb920863093c426fdafd241b8d9aeb6126fb2fd24f36c061b3
e11dced993be3d8dc0b83a9532f0423d64ef189d577b91a7f9794b653ba435bd
e127aead57cd6625f795f8c41d8b7c463c2c50158e3a3dc398424db2b16bd5db
e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e2835af998d5ef885bfa14a1b1995c7724d5b6a76f545b4a491763bff6f0dac5
e2c4332b6cd0fea250e89907921adaf7e597b52808cf19c995d6173ae0263f21
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e57b56fa699c58aafc383905dcb6f68910dc0a5cac26b1ab0a4646216c1f2f83
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e998d70d54146b70fbd8882efdd0682978dbc337f03a6e22367cb97aadf9e573
eac61327f649a8b9714f0ca690d1ea092f9ff313aabf11583e4ed12ee19a92c1
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
eee05fbae058cdbd8ff3932cda76cfe9096d8cb9c1e5a8fa3b581700540f854c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f12c6133a12eead81c368fe146cb489bdb7331b5e3b5ceb9ea52eac1e3feb815
f3d66b78ca0c93adf48dec8533da3c4db538cc648dc60e383d5fd0b666859206
f4b064d961dd5c30917481f9cf22f400d352737e7dac10d70e574877eef1e8ea
f5376706e5e6bb357e3e7e3443686d5e028afc1c1e67b5ceecfd0e4d3ce63d00
f5eea1c9406e22225635f46d7ddde71a450b2337a7cd0b25ff834aef95734258
f69bec4f58ecd80805b045c8cf496437d1ab6bd6355fa3eeb5df43f08e7b9407
f8a2b5b62eb722c3379b30cf0cc58d3176ee6be48036d6ad2aa838d2029c4189
fc4438ca66539b20fc6649004eb8d29453f15da7ff924cc061e3bf62739eac43

threatpost.com Open in urlscan Pro 35.173.160.135 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

462 Requests

84 %HTTPS

27 %IPv6

87 Domains

148 Subdomains

99 IPs

9 Countries

6370 kBTransfer

15523 kBSize

116 Cookies

23 Outgoing links

Redirected requests

462 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Screenshot
Live screenshot

Full Image

462
Requests

84 %
HTTPS

27 %
IPv6

87
Domains

148
Subdomains

99
IPs

9
Countries

6370 kB
Transfer

15523 kB
Size

116
Cookies

462 HTTP transactions
4 data transactions